last executing test programs:

20m5.823856903s ago: executing program 2 (id=1877):
openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x0, 0x10)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8000, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0) (fail_nth: 1)

20m4.897535962s ago: executing program 2 (id=1880):
r0 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
syz_open_procfs(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = userfaultfd(0x1)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0)
preadv2(r3, &(0x7f0000001540)=[{0x0}, {&(0x7f0000001380)=""/129, 0x7ffff000}], 0x2, 0x0, 0x0, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3})
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000200)=""/9, 0x9}], 0x1, 0x77, 0x5)
timerfd_create(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000200)='./file1\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r4, 0xffffffff80000800, 0x0, &(0x7f0000000280)={0xeb54, 0xc, 0xff00, 0x3e, 0x0, 0x6, 0xfffffffffffffffe, 0x9, 0xd304})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

20m3.567393173s ago: executing program 2 (id=1887):
syz_open_procfs(0x0, &(0x7f00000000c0)='mounts\x00')
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="3000000010003946d343f79235a2920000000000", @ANYRES32=0x0, @ANYBLOB="019800000000000010001280080001006772650004000280"], 0x30}}, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r2)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[], 0x78}, 0x1, 0xffffffff00000003, 0x0, 0x4}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000240)=@req3={0x1000, 0x1, 0x1000, 0x1, 0x7ff, 0xf84, 0x3}, 0x1c)
syz_emit_ethernet(0x3e, &(0x7f0000000380)=ANY=[@ANYRES64=r0, @ANYRESHEX=r3], 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0xfffffffffffffffc, 0x3, 0x8, 0x2, 0xc, 0xfffffffffffffffc, 0x3}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x4, 0x2, 0x466}, 0x0, 0x0)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='devpts\x00', 0x2200892, 0x0)

20m3.110216764s ago: executing program 2 (id=1889):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001)

20m2.436533356s ago: executing program 2 (id=1893):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x13, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2}, 0x38)
sendmsg$OSF_MSG_ADD(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="b80b000000050104000000000000000003000080540201"], 0xbb8}, 0x1, 0x0, 0x0, 0x2000}, 0x4004040)
r4 = mq_open(&(0x7f0000000000)='sit0\x00', 0x41, 0x9, 0x0)
close(0x3)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
unshare(0x22020400)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[], 0x0, 0x37}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r5, 0x2, 0x1}, 0x48)
r6 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x511000)
ioctl$CEC_S_MODE(r6, 0x40046109, &(0x7f0000000100)=0x8)
r7 = socket$netlink(0x10, 0x3, 0x0)
mq_timedsend(r4, 0x0, 0x0, 0x800, 0x0)
r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0xc0000, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r8, 0xc0184800, &(0x7f0000000080)={0x800, r7, 0x1})

20m1.484061474s ago: executing program 2 (id=1898):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2a}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000240)=<r0=>0x0)
prlimit64(r0, 0x5, &(0x7f0000000340)={0x11, 0x4}, &(0x7f0000000380))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x71f2, 0x0, 0x0, 0x40}, &(0x7f0000000300), &(0x7f0000000440))
io_uring_enter(r2, 0x54, 0x0, 0x1, 0x0, 0x0)
epoll_create1(0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb005}, 0x4)
sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="f8ffff1fc678a904000000000000000006000002"], 0x14}}, 0x4800)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000100)='.\x00', &(0x7f0000002280)='vxfs\x00', 0x1000080, 0x0)

20m0.410422858s ago: executing program 32 (id=1898):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2a}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000240)=<r0=>0x0)
prlimit64(r0, 0x5, &(0x7f0000000340)={0x11, 0x4}, &(0x7f0000000380))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x71f2, 0x0, 0x0, 0x40}, &(0x7f0000000300), &(0x7f0000000440))
io_uring_enter(r2, 0x54, 0x0, 0x1, 0x0, 0x0)
epoll_create1(0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb005}, 0x4)
sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="f8ffff1fc678a904000000000000000006000002"], 0x14}}, 0x4800)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000100)='.\x00', &(0x7f0000002280)='vxfs\x00', 0x1000080, 0x0)

10m56.669538135s ago: executing program 1 (id=3945):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000280)=@newsa={0x140, 0x10, 0x1, 0x70bd28, 0x25dfdbff, {{@in=@local, @in6=@empty, 0x4e23, 0x0, 0x2000, 0x8000, 0x0, 0x20, 0x0, 0xc}, {@in6=@private0, 0x20, 0x6c}, @in=@multicast1, {0xfffffffffffffffe, 0x0, 0x0, 0x800000000000001, 0x10000000002c8, 0x6, 0x4000000000000}, {0x1fffffffffff, 0x8, 0x0, 0x4}, {0x0, 0x9}, 0x0, 0x0, 0x2, 0x1, 0x0, 0x3}, [@XFRMA_IF_ID={0x8, 0x1f, 0x4}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x140}, 0x1, 0x0, 0x0, 0x4075}, 0x4800)
r3 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in=@broadcast, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x5}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x32}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x7}}}, 0x19)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x38, r1, 0x1, 0x0, 0x4, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xf8eb, 0x400, 0x6, 0xad, 0x7f, 0xff2b]}}]}]}]}, 0x38}}, 0x4000)
r5 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205647, &(0x7f0000000080)={0xf020000, 0x1, 0xfffffffe, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)={0x98f909, 0x8002, '\x00', @p_u32=0x0}})
r6 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$sock_inet_SIOCGIFBRDADDR(r6, 0x8919, &(0x7f0000000080)={'batadv0\x00', {0x2, 0x0, @broadcast}})

10m55.624833751s ago: executing program 1 (id=3948):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x1}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0) (fail_nth: 4)

10m55.213059546s ago: executing program 1 (id=3951):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r2, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
socket$nl_rdma(0x10, 0x3, 0x14)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQ(r3, 0x5411, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(r4, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r4, &(0x7f0000000180), 0x400008a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
getsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000f80), &(0x7f0000000fc0)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48)
r5 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
close(r5)

10m54.831691303s ago: executing program 1 (id=3953):
r0 = add_key$keyring(&(0x7f0000000340), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$describe(0x6, r0, &(0x7f0000000040), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x8)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x100)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
msgget$private(0x0, 0x790)
syz_emit_ethernet(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$9p_unix(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
socket$nl_generic(0x10, 0x3, 0x10)

10m54.367798058s ago: executing program 1 (id=3955):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000480)="66baa000b0e1ee0f20d835200000000f22d866b8ce000f00d8c4e1bd72d3000f01bf6dcc61ac66baa100ed66ddc6c4c235aa0f9c0f01c4", 0x37}], 0x1, 0xdf, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x400000b4e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = syz_open_dev$media(&(0x7f0000000cc0), 0x1778c, 0x606500)
ioctl$FS_IOC_FSGETXATTR(r4, 0x801c581f, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={<r5=>0xffffffffffffffff})
r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x40, 0x0)
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r6, 0x3b71, &(0x7f0000000400)={0x20, 0x1, &(0x7f00000002c0)="f4f9c1b9ad595ca20c6e1301bf0541896382500fcfc1672050f3eca79f8b7f3da54a228627bd43312b58d4a736bb3c0a861d235f726e33494450b66d35183179a7417ed34c4fc8ba2c5dbfb1bbdc65e1e5ecec7a2e393b8b", 0x2, 0x6})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000600)=ANY=[@ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="0500"/12, @ANYRES32, @ANYRES64=0x0], 0x10)
sendmsg$inet(r5, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000580)=[@text16={0x10, 0x0}], 0x0, 0x54, 0x0, 0xffffffffffffffc6)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'dvmrp0\x00', 0x2})
r10 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
writev(r10, &(0x7f0000000100)=[{&(0x7f0000000040)="315a942c4bb9837879b600799ee5043ca77648c116e9065a43793541e86e971681"}, {&(0x7f0000000080)="f5960ac63dc622c32d60ce5fa805014ce8dce0ed8c8b274305c4e47148e4b461", 0x57}], 0x3)

10m53.3649523s ago: executing program 1 (id=3957):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000240)=[@enter_looper, @register_looper], 0x0, 0x0, 0x0})
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x5a, 0x60, 0x8e, 0x40, 0x10b8, 0x1ebc, 0x17d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xff, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x26, 0x0, 0x0, 0xc1, 0x83, 0x99}}]}}]}}, 0x0)
syz_usb_control_io$printer(r3, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000340)=ANY=[@ANYRESOCT=r3, @ANYRES16=r3], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x8006, &(0x7f0000000200)=0xfff, 0x5)
r5 = syz_open_dev$evdev(&(0x7f00000003c0), 0x55ae, 0x82)
ioctl$EVIOCGRAB(r5, 0x40044590, &(0x7f0000000400)=0x7)
r6 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r7)
sendmsg$NET_DM_CMD_START(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r8, 0x1}, 0x14}}, 0x0)
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r7)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000080)={'wpan0\x00', <r10=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000000c0)={'wpan3\x00', <r11=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000100)={'wpan3\x00', <r12=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x5d, r9, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0xf3, 0x3, r12}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c090}, 0x0)

10m53.097706429s ago: executing program 33 (id=3957):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000240)=[@enter_looper, @register_looper], 0x0, 0x0, 0x0})
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x5a, 0x60, 0x8e, 0x40, 0x10b8, 0x1ebc, 0x17d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xff, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x26, 0x0, 0x0, 0xc1, 0x83, 0x99}}]}}]}}, 0x0)
syz_usb_control_io$printer(r3, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000340)=ANY=[@ANYRESOCT=r3, @ANYRES16=r3], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x8006, &(0x7f0000000200)=0xfff, 0x5)
r5 = syz_open_dev$evdev(&(0x7f00000003c0), 0x55ae, 0x82)
ioctl$EVIOCGRAB(r5, 0x40044590, &(0x7f0000000400)=0x7)
r6 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r7)
sendmsg$NET_DM_CMD_START(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r8, 0x1}, 0x14}}, 0x0)
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r7)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000080)={'wpan0\x00', <r10=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000000c0)={'wpan3\x00', <r11=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000100)={'wpan3\x00', <r12=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x5d, r9, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0xf3, 0x3, r12}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c090}, 0x0)

8.751869136s ago: executing program 5 (id=6418):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000540)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @remote, 0x9}, 0x1c, 0x0, 0x0, 0x0, 0x590}}], 0x1, 0x8008801)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={0x0, 0x3, 0x11fb, 0x3, 0xaa}, 0x14) (fail_nth: 2)

7.496362419s ago: executing program 5 (id=6422):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)

7.230250462s ago: executing program 4 (id=6425):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$netlink(0x10, 0x3, 0x0)
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x2, 'dh\x00', 0x1, 0x5, 0x4a}, 0x2c)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82187201, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000181000010000000000000000000000000a40000000060a010400000000000000000200050000000000000400000000000000796e7365740000180002800900010073797a30000000000800044000000000140000001100010000000000000000000000000a"], 0x68}}, 0x0)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00', @ANYRES16=r2], 0x44}}, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000100))

7.22921585s ago: executing program 5 (id=6426):
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES16=0x0], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x3a)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
poll(&(0x7f0000001380)=[{r5, 0x48}], 0x1, 0x1)
sendmmsg$unix(r4, &(0x7f0000000000), 0x3ffffffffffff40, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5201)
syz_open_procfs(0x0, 0x0)
ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d08, &(0x7f0000000040)=0x45)
recvmmsg(r0, &(0x7f0000008740)=[{{0x0, 0x0, 0x0}, 0xa0fc}], 0x1, 0x2100, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000080)=""/242, 0xf2}], 0x1, 0x2, 0x2)
r7 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
r8 = openat$selinux_policy(0xffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r8, 0x0)
write$selinux_load(r7, &(0x7f0000000000)=ANY=[], 0xffa8)

6.405879471s ago: executing program 6 (id=6428):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x18, 0x1411, 0x1, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000004}, 0x80)

6.349538757s ago: executing program 4 (id=6429):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0)
io_setup(0x3, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x0, &(0x7f0000000480)})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$alg(0x26, 0x5, 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
name_to_handle_at(r2, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1c0000008200000000040000000000001300000000100000070000000000000003000000"], &(0x7f0000000500), 0x1400)
fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, <r3=>0x0})
syz_open_procfs$namespace(r3, &(0x7f0000000240)='ns/pid_for_children\x00')
r4 = openat$cachefiles(0xffffff9c, &(0x7f0000000000), 0x8000, 0x0)
sendmmsg$alg(r4, &(0x7f0000000b40)=[{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000002c0)="9c284e5d7d81334455c56361c4e4960b08184a76755ac09cd88a4d63bbc3ab275893f29f7fbb42f8d1634d565d75f621235cbb3e90bbebb5c1a19b771ea5f16fba5ed84efd78b6b626d4900707b4e19602aba873e36ec4ad3b3c25fe56733f77623757ad5577adb0c4d526a5db88a7e65b7af3c41d64401669444fbf258a6c72eea3045027dd9600e0623972f830e6533cdc7a86881b26f471579162e9b595cd19b4bc561702e8e805efca5b25555dfbb4f6c58fe0de1d02cbb80fcd843952edd3e3bc4bac9cd34cb307148ddccda3905752858c8c687d9d71c08b1df33b39537ca89e76a107afcb8ddaa9e401445f", 0xef}, {&(0x7f00000003c0)="f8d40119501f96866c2c1d80b812d23962c966399f08e4164faa6b4e62978c95492ef0ddb1ff842ffb77fe462db3f157ea4a834d", 0x34}, {&(0x7f0000000540)="d4297357e211818653dfb6d1bf44e1f77fe8fd70f23d3df9bc51832f0562a966df1b9f6c727c46ae7ced8b0f7384d3ce8f3592894ba019e11c81fdd2a3131ce57c6cb2ee557e78b3abc9f35782799179d2e961a8a4407409790f920df2724fcc378d4d5a6f7dda29cfa59779163747e12872b7861c4d4968a996363257d96e423b1932ae5cbd5e2c8080c55b5cb08d306cc15c21", 0x94}, {&(0x7f0000000600)="d7d4fc90bc6d5463482db7e97d5e8cec2145f86f90fcd13ff76e3ec44a3fdb1abd7e4bd0cec21340dce5542e73e8cb1f15728a552d5d036c49e0b611c3ba3e828b1e362d9f95647ac99c38b546fb9f3e3d9ae9aec34195efd4a83f17b69e7c71973164150fe31467cfed1faefc6cbdee81111bd189c12f96c9ed05505a76f1555a7d0e3c7203d299d44fca2436c0e60a4f0b154a3c32cccea51260e2d01461186efcd96b0c43b8d99831f0fa771f57a9312b92f657933feca633df2876997dd70ba64b49af997a4af5c62847d69ec664d0c4b79f4df8a734f168afabf24cde3739011da20f", 0xe5}, {&(0x7f0000000400)="1b712f7a6c67b34ff5101d7aa5f60514aa683a70a5eed42095832dd53d080d746357129ce5c8594060cb9919f5fd83bda897eddd73ead07b8f2695204c27fcb2a130e036f5309218f63704d3ecf4b784976e483de409b5e4d4d1c8a15816", 0x5e}, {&(0x7f0000000700)="143cdb6620b6f37950ad170cbc983032d869bcef98e97222f9e5964a978e49f6e9351ce55a2ed4c31cbef07e8d8086275b0a12ea36bf39962087bdd9388dbd7173d10694b9f6378a52521056c322681f417be8a5eed2b943b1d47c", 0x5b}, {&(0x7f0000000780)="b1e4f4bdcb3033abedaeb82bc948be433c0994a9ef40a5d348011b7616447b66d3c0d0a6360a881a032beb5c1d08f37b72caddc3983a14dcc020", 0x3a}, {&(0x7f00000007c0)="a4b0a10d130d071b1e6f938db4268c2d1694039bed5104b8c50c80956c760df01eb912eb90161a28c5246788cb5e768557b79a86474db8ba41263d62ba6f5da60b684c50f435e4474cf1c4f94a34bd0f37846ededa13e76653427afac18d6e362bc562fac0b1a0f69aa167e165549723fe08a376741c715d4e4c068dc775e169846020e05deac1e71b7c840bb81b6976921cd686b734ae7f5bc074eb520eed8cb392ce5d6b7b897efab656d5ab2176b51bdca4d69e278495c0d23c8156c080f1a6bb3dec0457f7c1e4442d10532d5f98be19ca0f59230c736aada4431f13cd3aad5d25122928", 0xe6}], 0x8, 0x0, 0x0, 0x1}, {0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000940)="122fc1c52001adfbdd75813928cf20db8c50c19402f959211e2bcb366d8418717e462073efd7307f8801898d929971ce6e9ccddd4b7cd71cb6b1c0fe6d65835da5b91e703e91c142fb732e17a8251fd1028f4c6f948e58078a0d27710fab9eb39c3eb8a3e1d7942a28fdfb68d7cd3f04e28a5009", 0x74}, {&(0x7f00000009c0)="0791700bdf08142d30d90c62fa2146e56fc1fd659229d52c0b7d06cd86b95626a78d6758608fd767081ec8774ac735d1ecf714314e3bb69d8fce77b6976ba3b0edd86b2356e2d9816b1766cbb3b96e87b09b2aa774c2cecb61e5ffebda03ebb676c5b6d203d78cae3eeb70c46e14e65acdb7500939c3aa2f4d62c0f98f3ff1cd99816860dd044cc82de34c6d343b2edc1b362a75e2dac738653183a393ccb5baa33368c7d3497e924343ab913c7da7e82cda62dda0b2f15f5322623bdd3f200bdc6d37bab457da58b40b773176", 0xcd}, {&(0x7f0000000ac0)="ab65b7cd3715b1e1e9306689c5a74919dc46265f8b34b0199b44cc6d1008cfa235", 0x21}], 0x3, 0x0, 0x0, 0x2000c000}], 0x2, 0x20000000)
r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000c00), r4)
sendmsg$FOU_CMD_DEL(r4, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x40, r5, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4081)

6.237090482s ago: executing program 5 (id=6430):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0)
io_setup(0x3, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x3, &(0x7f0000000480)=[{0x48, 0x0, 0x60, 0xc68}, {0x1, 0x7, 0x1, 0x4}, {0x0, 0x8, 0x9, 0x580}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$alg(0x26, 0x5, 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
name_to_handle_at(r2, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1c0000008200000000040000000000001300000000100000070000000000000003000000"], &(0x7f0000000500), 0x1400)
fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, <r3=>0x0})
syz_open_procfs$namespace(r3, &(0x7f0000000240)='ns/pid_for_children\x00')
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000b40)=[{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000002c0)="9c284e5d7d81334455c56361c4e4960b08184a76755ac09cd88a4d63bbc3ab275893f29f7fbb42f8d1634d565d75f621235cbb3e90bbebb5c1a19b771ea5f16fba5ed84efd78b6b626d4900707b4e19602aba873e36ec4ad3b3c25fe56733f77623757ad5577adb0c4d526a5db88a7e65b7af3c41d64401669444fbf258a6c72eea3045027dd9600e0623972f830e6533cdc7a86881b26f471579162e9b595cd19b4bc561702e8e805efca5b25555dfbb4f6c58fe0de1d02cbb80fcd843952edd3e3bc4bac9cd34cb307148ddccda3905752858c8c687d9d71c08b1df33b39537ca89e76a107afcb8ddaa9e401445f", 0xef}, {&(0x7f00000003c0)="f8d40119501f96866c2c1d80b812d23962c966399f08e4164faa6b4e62978c95492ef0ddb1ff842ffb77fe462db3f157ea4a834d", 0x34}, {&(0x7f0000000540)="d4297357e211818653dfb6d1bf44e1f77fe8fd70f23d3df9bc51832f0562a966df1b9f6c727c46ae7ced8b0f7384d3ce8f3592894ba019e11c81fdd2a3131ce57c6cb2ee557e78b3abc9f35782799179d2e961a8a4407409790f920df2724fcc378d4d5a6f7dda29cfa59779163747e12872b7861c4d4968a996363257d96e423b1932ae5cbd5e2c8080c55b5cb08d306cc15c21", 0x94}, {&(0x7f0000000600)="d7d4fc90bc6d5463482db7e97d5e8cec2145f86f90fcd13ff76e3ec44a3fdb1abd7e4bd0cec21340dce5542e73e8cb1f15728a552d5d036c49e0b611c3ba3e828b1e362d9f95647ac99c38b546fb9f3e3d9ae9aec34195efd4a83f17b69e7c71973164150fe31467cfed1faefc6cbdee81111bd189c12f96c9ed05505a76f1555a7d0e3c7203d299d44fca2436c0e60a4f0b154a3c32cccea51260e2d01461186efcd96b0c43b8d99831f0fa771f57a9312b92f657933feca633df2876997dd70ba64b49af997a4af5c62847d69ec664d0c4b79f4df8a734f168afabf24cde3739011da20f", 0xe5}, {&(0x7f0000000400)="1b712f7a6c67b34ff5101d7aa5f60514aa683a70a5eed42095832dd53d080d746357129ce5c8594060cb9919f5fd83bda897eddd73ead07b8f2695204c27fcb2a130e036f5309218f63704d3ecf4b784976e483de409b5e4d4d1c8a15816", 0x5e}, {&(0x7f0000000700)="143cdb6620b6f37950ad170cbc983032d869bcef98e97222f9e5964a978e49f6e9351ce55a2ed4c31cbef07e8d8086275b0a12ea36bf39962087bdd9388dbd7173d10694b9f6378a52521056c322681f417be8a5eed2b943b1d47c", 0x5b}, {&(0x7f0000000780)="b1e4f4bdcb3033abedaeb82bc948be433c0994a9ef40a5d348011b7616447b66d3c0d0a6360a881a032beb5c1d08f37b72caddc3983a14dcc020", 0x3a}, {&(0x7f00000007c0)="a4b0a10d130d071b1e6f938db4268c2d1694039bed5104b8c50c80956c760df01eb912eb90161a28c5246788cb5e768557b79a86474db8ba41263d62ba6f5da60b684c50f435e4474cf1c4f94a34bd0f37846ededa13e76653427afac18d6e362bc562fac0b1a0f69aa167e165549723fe08a376741c715d4e4c068dc775e169846020e05deac1e71b7c840bb81b6976921cd686b734ae7f5bc074eb520eed8cb392ce5d6b7b897efab656d5ab2176b51bdca4d69e278495c0d23c8156c080f1a6bb3dec0457f7c1e4442d10532d5f98be19ca0f59230c736aada4431f13cd3aad5d25122928", 0xe6}], 0x8, 0x0, 0x0, 0x1}, {0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000940)="122fc1c52001adfbdd75813928cf20db8c50c19402f959211e2bcb366d8418717e462073efd7307f8801898d929971ce6e9ccddd4b7cd71cb6b1c0fe6d65835da5b91e703e91c142fb732e17a8251fd1028f4c6f948e58078a0d27710fab9eb39c3eb8a3e1d7942a28fdfb68d7cd3f04e28a5009", 0x74}, {&(0x7f00000009c0)="0791700bdf08142d30d90c62fa2146e56fc1fd659229d52c0b7d06cd86b95626a78d6758608fd767081ec8774ac735d1ecf714314e3bb69d8fce77b6976ba3b0edd86b2356e2d9816b1766cbb3b96e87b09b2aa774c2cecb61e5ffebda03ebb676c5b6d203d78cae3eeb70c46e14e65acdb7500939c3aa2f4d62c0f98f3ff1cd99816860dd044cc82de34c6d343b2edc1b362a75e2dac738653183a393ccb5baa33368c7d3497e924343ab913c7da7e82cda62dda0b2f15f5322623bdd3f200bdc6d37bab457da58b40b773176", 0xcd}, {&(0x7f0000000ac0)="ab65b7cd3715b1e1e9306689c5a74919dc46265f8b34b0199b44cc6d1008cfa235", 0x21}], 0x3, 0x0, 0x0, 0x2000c000}], 0x2, 0x20000000)
r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000c00), 0xffffffffffffffff)
sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x40, r4, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4081)

6.201663021s ago: executing program 6 (id=6431):
mount(0x0, 0x0, &(0x7f0000000040)='ubifs\x00', 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000080)={0x5, 0x2})
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x3) (fail_nth: 2)

6.126157618s ago: executing program 4 (id=6432):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000), 0x8)
ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0xd1)
lsetxattr$system_posix_acl(0x0, &(0x7f0000000400)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x800000000000001, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019640)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a72601"], 0x26c0}}, 0x40050)
syz_init_net_socket$ax25(0x3, 0x2, 0x1)
request_key(0x0, 0x0, &(0x7f0000000440)='/dev/cpu/#/msr\x00', 0x0)

5.501174814s ago: executing program 6 (id=6433):
r0 = socket$inet(0xa, 0x801, 0x84)
listen(r0, 0x8)
syz_usb_connect$hid(0x0, 0x90, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(0xffffffffffffffff, 0x47bc, 0x0, 0x0, 0x0, 0x0)

5.455190581s ago: executing program 0 (id=6434):
writev(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00', r1}, 0x18)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c02600004100070100000000ff000000017c00000400fc80a72601"], 0x26c0}}, 0x4c000)

5.450553845s ago: executing program 5 (id=6435):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0xfffffffffffffffe, 0x1, 0x0, 0x0, 0x40}, 0x4000090)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
socket$packet(0x11, 0x2, 0x300)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffd58, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
sendto$inet(r2, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10)
sendto$inet(r2, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x7b53a000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f00000001c0)={0x0, 'pim6reg1\x00', {0x3}, 0x6})
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)

4.25130619s ago: executing program 6 (id=6437):
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12011001581c2908570b2a85396d0102030109021b00010001000b0904c8020103010203090504"], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000049c0)=ANY=[@ANYRES8=r0], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
prctl$PR_SET_KEEPCAPS(0x8, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f088a847e0ffff00124000632f77fbac141416e000030a94029f034d2f87e589ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
r2 = syz_usb_connect(0x3, 0x1a1, &(0x7f0000000380)={{0x12, 0x1, 0x110, 0x19, 0xcd, 0x56, 0xff, 0x5a9, 0xa511, 0x9dc6, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x18f, 0x1, 0x2, 0xa, 0xf0, 0x5, [{{0x9, 0x4, 0x42, 0x72, 0x3, 0xd0, 0x70, 0x83, 0x8, [@uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x6, 0x2, 0x8, 0x7f, "e8", "1944f6"}]}, @cdc_ncm={{0xa, 0x24, 0x6, 0x0, 0x1, "fbc348dea9"}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x9, 0x5, 0x1}, {0x6, 0x24, 0x1a, 0x9}, [@dmm={0x7, 0x24, 0x14, 0x377c, 0x1000}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}, @network_terminal={0x7, 0x24, 0xa, 0x21, 0x4, 0x1, 0x73}, @obex={0x5, 0x24, 0x15, 0x4}, @dmm={0x7, 0x24, 0x14, 0x3, 0x373}]}], [{{0x9, 0x5, 0xcee98e04f540d80d, 0x0, 0x200, 0x6, 0x7, 0x8, [@generic={0x11, 0x8, "fb5990ce056e5c61f33e5f650dfd3e"}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x6, 0x7}]}}, {{0x9, 0x5, 0x0, 0x4, 0x400, 0x8, 0x2, 0xf6, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1, 0x7}]}}, {{0x9, 0x5, 0x7, 0x4, 0x228, 0x8, 0x1, 0x2, [@generic={0xc7, 0xd, "2511811fbf015a0b8ea9660236700198fc46ca1c3374ef5f890a33ba0982a24f473e80a5fe70828cb6834bb68c954bee0edb4de67c5946e94e5c315a9b4834e38176b37981f45665bebd8c777ae66e92c887ddd048c1d9359616e2547994f036ec6bbe249d0c3f07b9a984ad6ad813025701be99e72c6180333ea1a80f4545537ca4872ea99a14c63de1c33441a3c82c074f884c4c2c65296dbda59cc006c7f3c04782a49a6dc8a516c5210b77989f68121d59879e1a6c413a6e467c5ab57fbd8bb75448d0"}, @generic={0x2f, 0x8, "4eb7ce8db9b38502138908996fb46fe42b2c3741d4bf41507f7993073cfed05ca66c6174f4bd2149791559ac8e"}]}}]}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x300, 0xfb, 0x8, 0x7, 0x20, 0x7}, 0x12a, &(0x7f0000000540)={0x5, 0xf, 0x12a, 0x6, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x6, 0x6, 0x8}, @ssp_cap={0x10, 0x10, 0xa, 0x6, 0x1, 0x6365, 0xf000, 0x0, [0x3f00]}, @generic={0x97, 0x10, 0xa, "4c5c4a993275de05dc029604c0f69e5cf0d6553f91296d440c70531727de45da7e79c281e607c32c1459e2aafb6c424c5019d12575e86d1d775def8088f46e68af3386247de9815d2269d930e17cd83e2c15fda51d88fa7991f74c581d139f6defd7326584071f724fdd20a0b712ad7c846d2bebc56c042e8c1370056c7cb3271d87b9f45f757c46f8d5c26c23a3ac4bf1461dad"}, @generic={0x5d, 0x10, 0xb, "1a69767a51a06cba348d05c4c3e6c5deb2a976440a6c52c8fed4cebb5ef408384e871a3d536a0e48d5c6cacd01c9a07519343abc5efeb5e68500d09b0a8b51be52742b0be15abd246af9339755e04dc892b95fd8a9573209b495"}, @ss_container_id={0x14, 0x10, 0x4, 0xb5, "92e36c50dc1680fe338abbebe31748c2"}, @ptm_cap={0x3}]}, 0x1, [{0x4, &(0x7f0000000040)=@lang_id={0x4, 0x3, 0xc1a}}]})
syz_usb_ep_read(r2, 0x7, 0x95, &(0x7f0000000680)=""/149)

4.217142101s ago: executing program 0 (id=6438):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2)
r3 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r3, 0xffff)
fcntl$addseals(r3, 0x409, 0x7)
r4 = ioctl$UDMABUF_CREATE_LIST(r2, 0x40087543, &(0x7f0000000500)={0x0, 0x1, [{r3, 0x0, 0x0, 0x8000}]})
lseek(r4, 0x0, 0x2)
ioctl$DMA_BUF_SET_NAME_A(r4, 0x40046201, &(0x7f0000000040)=']\x00')
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(r1, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000f80), &(0x7f0000000fc0)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48)
r5 = socket$key(0xf, 0x3, 0x2)
close(r5)

4.139581677s ago: executing program 3 (id=6439):
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0xe8c}, 0x2d, 0xfffffffffffffff9)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x20, 0xfffffffffffffffd)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)

4.081161964s ago: executing program 0 (id=6440):
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
write$vhost_msg(r1, 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x68, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xa1, 0x12, 0x17, 0x10, 0xb95, 0x172a, 0xf7f4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xfb, 0x0, 0x2, 0x6c, 0x5d, 0x65, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={0x40, 0x13, 0x6, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r2, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000100)={0x40, 0x12, 0x6d, "671d8d384a6df094c5f252508b46c65621012e065f0833fa6a4beba0271e2b40651288a497684648df7c73fbf632ec74264cc8c5d776fd40756d3760d9b2162f367a788f80277ea8cb5eb283908aa264f4f48b2bf96b9362e41e9ca4f8da048b220b202337d07ae36e7d64a39a"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0x6}, &(0x7f00000001c0)={0x0, 0x8, 0x1, 0x33}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@ipv4_deladdr={0x50, 0x15, 0x4, 0x70bd2c, 0x25dfdbfc, {0x2, 0x3f, 0x1, 0xc8, r3}, [@IFA_BROADCAST={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x30}}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_RT_PRIORITY={0x8, 0x9, 0x2}, @IFA_RT_PRIORITY={0x8, 0x9, 0x4}, @IFA_RT_PRIORITY={0x8, 0x9, 0x8}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x1}, @IFA_BROADCAST={0x8, 0x4, @multicast2}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000800}, 0xc001)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_request\x00', 0xffffffffffffffff, 0x0, 0x7f}, 0x18)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e0000001000815aa74cceec59acbc0413010048100000005e14060200000002800000121f", 0x25}], 0x1}, 0x0)

4.080506826s ago: executing program 4 (id=6441):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}, [@ldst={0x1, 0x3, 0x3, 0x9, 0x1, 0xb0}]}, &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
ioctl$COMEDI_INSN(r0, 0x8028640c, 0x0)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0)
mlock2(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$VIDIOC_QBUF(r2, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x1, {}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0x20800})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)

3.672354052s ago: executing program 4 (id=6442):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
io_uring_setup(0x4126, &(0x7f00000007c0)={0x0, 0x0, 0x800, 0x0, 0x1000000})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000001020010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067726574617000000c00028005000a0001000000"], 0x3c}}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000010c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x460, 0x280, 0x268, 0x300, 0x280, 0x268, 0x390, 0x460, 0x460, 0x390, 0x460, 0x9, 0x0, {[{{@uncond, 0x0, 0x240, 0x280, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0xb, 0x0, 0x3, 0x0, 0x5, 0x9}}}, @common=@unspec=@limit={{0x48}, {0xfff, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x2}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x8, 0x21, "6bb6778f9bdec125b0fb4f26be757b1e6f2fb8e9079627dc6726c4bc85e9"}}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x511)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r4, &(0x7f0000000340)='g', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x3c, r6, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xffffffff}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x80}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000500)=""/142, 0x8e}, {&(0x7f00000000c0)=""/36, 0x24}, {&(0x7f00000005c0)=""/241, 0xf1}, {0x0}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000000880)=""/193, 0xc1}, {&(0x7f0000000240)=""/105, 0x69}, {&(0x7f0000000380)=""/80, 0x50}, {&(0x7f0000000100)=""/53, 0x35}, {&(0x7f0000002580)=""/4096, 0x1000}], 0xa}, 0x40000100)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='bic\x00', 0x4)
shutdown(r4, 0x1)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2600a, 0x5000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_6RD_RELAY_PREFIXLEN={0x6, 0xe, 0xf001}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}]}}}]}, 0x40}}, 0x8000)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffe, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x4000000000000000, 0x0, 0x7fffffff, 0x4, 0x0, 0x7fffffff}, 0x0, 0x0)

3.231471241s ago: executing program 3 (id=6443):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/tty/drivers\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x4}, [@map_fd={0x18, 0x7, 0x1, 0x0, r1}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
ioctl$COMEDI_INSN(r0, 0x8028640c, 0x0)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0)
mlock2(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
bind$rds(0xffffffffffffffff, &(0x7f00000004c0)={0x2, 0x4e23, @broadcast}, 0x10)
socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$VIDIOC_QBUF(r3, 0xc058565d, &(0x7f0000000200)=@multiplanar_mmap={0xfffffff8, 0xd, 0x4, 0x10, 0x53370dc5, {}, {0x7, 0x1, 0x3, 0x68, 0x9, 0x7, "882267cb"}, 0x7f, 0x1, {&(0x7f0000000540)=[{0x2, 0x2, {}, 0x4}, {0x0, 0x602, {0x903}, 0x95b}]}, 0x6578d2b2, 0x0, r1})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)

2.169019797s ago: executing program 3 (id=6444):
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0xe8c}, 0x2d, 0xfffffffffffffff9)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x20, 0xfffffffffffffffd)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) (fail_nth: 2)

2.007202157s ago: executing program 4 (id=6445):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c00000000000000000f883816814100000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b0000000000e000000200000000001c000000000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRESOCT, @ANYBLOB="7f0000017f00000a0000000800"/28, @ANYRES32=0x0, @ANYRES16, @ANYRES16], 0x230}, 0x40)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030033000b12d25a80648c2594f90124fc60100c03400f000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x8, 0x4, 0x4, 0x4, 0x0, 0x1}, 0x50)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000640), 0x70)
syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
pipe(&(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r6 = dup(r5)
ioctl$TIOCL_SETSEL(r6, 0x541c, &(0x7f0000000280)={0x2, {0x2, 0x8000, 0x81, 0x0, 0x7, 0x4}})
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
r9 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000380)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])
ioctl$TCSETSF(r7, 0x5404, &(0x7f0000000240)={0xc, 0xc2cf, 0x7fffffff, 0x1, 0x1, "00e4fdab790000fb00"})
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='9', 0x1}], 0x1)

1.97669392s ago: executing program 5 (id=6446):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
clock_adjtime(0x0, &(0x7f0000000100)={0x362, 0x7, 0x0, 0x8000000000000001, 0x48c, 0x5, 0xd, 0x424, 0x2, 0xffffffffffffffff, 0xf423f, 0xfffffffffffffff9, 0x7, 0x2, 0x1000000081, 0x5, 0x2, 0x6, 0x2, 0x9220000000000000, 0x3, 0x1, 0x80000001, 0x0, 0x5, 0x7})
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000580)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x240}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(r5, 0x4048aecb, &(0x7f0000001440)={{0x5, 0x0, 0x80, {0xffffffffffffffff, 0x1, 0x1}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9e7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf9758b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bfe98e94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b91fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029e7a9e8b86a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf7b155ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f8edd941bff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf2805372a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22670812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa31819caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae399aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64ffff5208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c04799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db63dec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab77ff8898d9816abc77b0e693880bffffffffffffff7fb5cb6967fb0ea8e14efce120947092c3b601002f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6af1d8183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77030094543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c75f4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b769e44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd580800000000000000d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156fb4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d475bd5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95f3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641f9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33201f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49d2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a34313315836bb7291764b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2dbed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3ad34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33dff5ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e02000000be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c0851800c6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e400000f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})

1.461020008s ago: executing program 6 (id=6447):
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha384)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004300)=""/102400, 0x19000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0x13, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, {}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3}, @map_fd={0x18, 0x5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0xc, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)=[0x1, 0x1, 0xffffffffffffffff], 0x0, 0x10, 0xfffffff7}, 0x94)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f"], 0xa8}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00', @ANYRES32=r3, @ANYRES8=r0, @ANYRES16=r3], 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1}], 0x1, 0x40800)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@delnexthop={0x50, 0x69, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [{0x8}, {0x8, 0x1, 0x2}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x600}, 0x4000094)

1.110149248s ago: executing program 3 (id=6448):
writev(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00', r1}, 0x18)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c02600004100070100000000ff000000017c00000400fc80a72601"], 0x26c0}}, 0x4c000)

955.73066ms ago: executing program 0 (id=6449):
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha384)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004300)=""/102400, 0x19000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0x13, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, {}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3}, @map_fd={0x18, 0x5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0xc, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)=[0x1, 0x1, 0xffffffffffffffff], 0x0, 0x10, 0xfffffff7}, 0x94)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f"], 0xa8}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00', @ANYRES32=r3, @ANYRES8=r0, @ANYRES16=r3], 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1}], 0x1, 0x40800)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@delnexthop={0x50, 0x69, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [{0x8}, {0x8, 0x1, 0x2}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x600}, 0x4000094)

503.936928ms ago: executing program 3 (id=6450):
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2044819}, 0x8000)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xa6}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000400), 0x0, 0x0, 0x0, 0x200000}, 0x1f00)
pidfd_send_signal(0xffffffffffffffff, 0x11, 0x0, 0x4)
sendmsg$tipc(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[], &(0x7f00000006c0)=""/151, 0x26, 0x97, 0x1, 0x7}, 0x28)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000010)
getsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, &(0x7f0000000580)=0x2, &(0x7f0000000900)=0xffffffffffffffb1)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="8c0000000906010800000000000000000200fffd200007800c00018008e78c3a000140e000000208000a400000000208000840000000c00900020073797a3100000000050001000700000044000880100007800a001100aaaaaaaaaaaa00000c00078008000b40000000000c00078008001c40ffffffff0c00078008000b40000000110c00078008000941001dc46748e5e4823b9ae813ff902df096d34e"], 0x8c}, 0x1, 0x0, 0x0, 0xcb58c9f2fa78421b}, 0x40c0080)
chdir(&(0x7f00000001c0)='./bus\x00')
lsetxattr$trusted_overlay_origin(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0, 0x0)

464.629797ms ago: executing program 0 (id=6451):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2)
r3 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r3, 0xffff)
fcntl$addseals(r3, 0x409, 0x7)
r4 = ioctl$UDMABUF_CREATE_LIST(r2, 0x40087543, &(0x7f0000000500)={0x0, 0x1, [{r3, 0x0, 0x0, 0x8000}]})
lseek(r4, 0x0, 0x2)
ioctl$DMA_BUF_SET_NAME_A(r4, 0x40046201, &(0x7f0000000040)=']\x00')
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(r1, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000f80), &(0x7f0000000fc0)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48)
r5 = socket$key(0xf, 0x3, 0x2)
close(r5)

450.361433ms ago: executing program 6 (id=6452):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200000000000000000000faffffff850000000500000095"], 0x0, 0x2}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r2, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000007e00), r3)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r3, &(0x7f0000007f80)={0x0, 0x0, &(0x7f0000007f40)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7000fbdbdf251500000008000300", @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x40040}, 0x40000)
socket$inet6(0xa, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4004850)
ptrace(0x10, 0x0)

244.509043ms ago: executing program 0 (id=6453):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
setresuid(0xee00, 0xee00, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = getpgid(0x0)
fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2})
sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f000001f600)='S', 0x1}], 0x1, 0x0, 0x0, 0x20008000}}], 0x1, 0x20000015)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r4 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_TRIM(r4, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3f6, 0x1, 0x70bd2d, 0x25dfdbfc, "", ["", "", "", "", "", "", ""]}, 0x10}}, 0x24004841)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000e00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000100)=0x3)
ioctl$PPPIOCSACTIVE(r5, 0x40107446, &(0x7f0000000000)={0x4, &(0x7f0000000080)=[{0x6, 0x8, 0x0, 0x4}, {0x6, 0xa, 0xfe, 0x69e9}, {0x80, 0x5, 0x6, 0x151}, {0x4, 0x0, 0xf9, 0xf9}]})
r6 = socket$l2tp(0x2, 0x2, 0x73)
connect$l2tp(r6, &(0x7f00000000c0)={0x2, 0x0, @multicast1, 0x3}, 0x10)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SCUDMATCHLEN(r7, 0x89e7, &(0x7f0000000040)={0x3c})
socket$nl_route(0x10, 0x3, 0x0)
fsopen(&(0x7f0000000200)='mqueue\x00', 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r8}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r9 = getpid()
sched_setscheduler(r9, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r10=>0xffffffffffffffff})
connect$unix(r10, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)

0s ago: executing program 3 (id=6454):
socket$key(0xf, 0x3, 0x2)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100))
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x121040, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r3, 0x80044d08, 0x0) (fail_nth: 2)

kernel console output (not intermixed with test programs):

 sonixj failed with error -110
[ 1774.547332][T27821] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1774.608915][T24248] Bluetooth: hci0: command tx timeout
[ 1774.623859][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1775.125320][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1775.172885][ T5893] usb 6-1: USB disconnect, device number 88
[ 1775.966151][T27811] chnl_net:caif_netlink_parms(): no params data found
[ 1775.999375][   T13] bridge_slave_1: left allmulticast mode
[ 1776.678863][T24248] Bluetooth: hci0: command tx timeout
[ 1776.729048][    T9] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[ 1776.807480][   T13] bridge_slave_1: left promiscuous mode
[ 1776.814524][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1776.830951][   T13] bridge_slave_0: left allmulticast mode
[ 1776.849535][   T13] bridge_slave_0: left promiscuous mode
[ 1776.862302][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1777.003149][    T9] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1777.008852][T27317] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[ 1777.012409][T27864] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1777.029255][T27864] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1777.039127][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1777.061803][    T9] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1777.246089][    T9] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1777.247556][T27317] usb 4-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[ 1777.269212][    T9] usb 5-1: Manufacturer: syz
[ 1777.294023][T27317] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1777.338255][    T9] usb 5-1: config 0 descriptor??
[ 1777.374897][T27317] usb 4-1: Product: syz
[ 1777.394697][T27317] usb 4-1: Manufacturer: syz
[ 1777.444000][    T9] rc_core: IR keymap rc-hauppauge not found
[ 1777.526303][    T9] Registered IR keymap rc-empty
[ 1777.531539][T27317] usb 4-1: SerialNumber: syz
[ 1777.706189][    T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 1777.750184][    T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input118
[ 1777.750624][T27317] usb 4-1: config 0 descriptor??
[ 1777.825537][T27317] usb 4-1: interface 1 not found
[ 1778.071307][T27855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1778.096958][T27855] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1778.879258][T27849] net_ratelimit: 6 callbacks suppressed
[ 1778.879281][T27849] netlink: zone id is out of range
[ 1778.893007][T27849] netlink: zone id is out of range
[ 1778.901067][T27849] netlink: zone id is out of range
[ 1778.906201][T27849] netlink: zone id is out of range
[ 1778.912020][T27849] netlink: zone id is out of range
[ 1778.917186][T27849] netlink: zone id is out of range
[ 1778.922424][T27849] netlink: zone id is out of range
[ 1778.978584][T27849] netlink: set zone limit has 4 unknown bytes
[ 1779.123586][T24248] Bluetooth: hci0: command tx timeout
[ 1779.894599][T27855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1779.917355][    T9] usb 5-1: USB disconnect, device number 10
[ 1779.921343][T27855] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1779.942562][T27886] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=55 (110 ns) > initial count (64 ns). Using initial count to start timer.
[ 1779.952516][T27855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1779.972670][T27855] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1780.244141][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1780.264558][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1780.275474][   T13] bond0 (unregistering): Released all slaves
[ 1780.374022][ T5940] usb 4-1: USB disconnect, device number 100
[ 1780.416690][   T13] tipc: Disabling bearer <eth:vlan0>
[ 1780.432566][   T13] tipc: Disabling bearer <udp:s>
[ 1780.452776][   T13] tipc: Left network mode
[ 1780.585205][T27899] FAULT_INJECTION: forcing a failure.
[ 1780.585205][T27899] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1780.609437][T27899] CPU: 1 UID: 0 PID: 27899 Comm: syz.4.6040 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1780.609468][T27899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1780.609479][T27899] Call Trace:
[ 1780.609485][T27899]  <TASK>
[ 1780.609490][T27899]  dump_stack_lvl+0x16c/0x1f0
[ 1780.609504][T27899]  should_fail_ex+0x512/0x640
[ 1780.609524][T27899]  strncpy_from_user+0x3b/0x2e0
[ 1780.609542][T27899]  getname_flags.part.0+0x8f/0x550
[ 1780.609556][T27899]  ? __pfx_ksys_write+0x10/0x10
[ 1780.609573][T27899]  getname_flags+0x93/0xf0
[ 1780.609589][T27899]  __x64_sys_symlinkat+0x79/0xc0
[ 1780.609601][T27899]  do_syscall_64+0xcd/0x4c0
[ 1780.609613][T27899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1780.609625][T27899] RIP: 0033:0x7f07af18e9a9
[ 1780.609634][T27899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1780.609645][T27899] RSP: 002b:00007f07b0052038 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[ 1780.609656][T27899] RAX: ffffffffffffffda RBX: 00007f07af3b5fa0 RCX: 00007f07af18e9a9
[ 1780.609663][T27899] RDX: 0000200000000000 RSI: ffffffffffffff9c RDI: 0000200000001040
[ 1780.609670][T27899] RBP: 00007f07b0052090 R08: 0000000000000000 R09: 0000000000000000
[ 1780.609676][T27899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1780.609683][T27899] R13: 0000000000000000 R14: 00007f07af3b5fa0 R15: 00007ffe1dfc6168
[ 1780.609696][T27899]  </TASK>
[ 1780.819803][T27811] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1780.827664][T27811] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1780.843565][T27811] bridge_slave_0: entered allmulticast mode
[ 1780.855482][T27811] bridge_slave_0: entered promiscuous mode
[ 1780.876098][   T13] hsr_slave_0: left promiscuous mode
[ 1781.108884][   T10] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[ 1781.159051][T24248] Bluetooth: hci0: command tx timeout
[ 1781.474814][   T10] usb 7-1: Using ep0 maxpacket: 32
[ 1781.744209][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1781.756645][   T10] usb 7-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[ 1781.766147][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1781.774440][   T10] usb 7-1: Product: syz
[ 1781.778682][   T10] usb 7-1: Manufacturer: syz
[ 1781.783909][   T10] usb 7-1: SerialNumber: syz
[ 1781.804101][   T10] usb 7-1: config 0 descriptor??
[ 1781.811027][   T13] hsr_slave_1: left promiscuous mode
[ 1781.817780][   T10] cdc_ether 7-1:0.0: probe with driver cdc_ether failed with error -22
[ 1781.835028][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1781.845172][   T10] usb 7-1: unsupported MDLM descriptors
[ 1781.851578][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1781.869106][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1781.876543][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1781.904374][   T13] batman_adv: batadv0: Interface deactivated: ipvlan2
[ 1781.914494][   T13] batman_adv: batadv0: Removing interface: ipvlan2
[ 1781.969577][   T13] veth1_macvtap: left promiscuous mode
[ 1781.976162][   T13] veth0_macvtap: left promiscuous mode
[ 1781.985798][   T13] veth1_vlan: left promiscuous mode
[ 1781.991929][   T13] veth0_vlan: left promiscuous mode
[ 1782.415027][   T10] IPVS: starting estimator thread 0...
[ 1782.512767][T27916] IPVS: using max 73 ests per chain, 175200 per kthread
[ 1782.710997][T27924] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1782.720166][T27924] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1783.382140][T27938] binder: 27937:27938 ioctl c0306201 200000000080 returned -14
[ 1783.569163][ T5913] usb 7-1: USB disconnect, device number 41
[ 1783.578239][T27942] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1783.578239][T27942]    program syz.3.6050 not setting count and/or reply_len properly
[ 1784.708001][T27811] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1784.888735][T27811] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1784.917696][T27811] bridge_slave_1: entered allmulticast mode
[ 1784.953675][T27811] bridge_slave_1: entered promiscuous mode
[ 1785.004105][    T9] lo speed is unknown, defaulting to 1000
[ 1785.004134][T27922] netlink: 'syz.5.6045': attribute type 26 has an invalid length.
[ 1785.051156][T27925] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6045'.
[ 1785.374947][    T9] infiniband syz0: ib_query_port failed (-19)
[ 1785.775036][T27811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1785.798540][T27811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1786.028995][ T5893] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[ 1786.191894][ T5893] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[ 1786.218835][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1786.242626][ T5893] usb 4-1: Product: syz
[ 1786.263394][T27811] team0: Port device team_slave_0 added
[ 1786.272918][ T5893] usb 4-1: Manufacturer: syz
[ 1786.288040][T27811] team0: Port device team_slave_1 added
[ 1786.294616][ T5893] usb 4-1: SerialNumber: syz
[ 1786.311468][ T5893] usb 4-1: config 0 descriptor??
[ 1786.388510][T27970] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1786.388510][T27970]    program syz.6.6057 not setting count and/or reply_len properly
[ 1788.361020][T27811] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1788.368514][T27811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1788.401746][T27811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1788.403267][ T5893] hso 4-1:0.0: Failed to find BULK IN ep
[ 1788.488081][ T5893] usb-storage 4-1:0.0: USB Mass Storage device detected
[ 1788.570221][T27981] sg_write: data in/out 49020/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1788.570221][T27981]    program syz.4.6061 not setting count and/or reply_len properly
[ 1788.603838][T27811] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1788.691973][T27811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1788.722126][T27811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1788.743128][   T13] IPVS: stop unused estimator thread 0...
[ 1788.826196][T24248] Bluetooth: Unexpected continuation frame (len 16)
[ 1789.242480][T17105] usb 4-1: USB disconnect, device number 101
[ 1789.434103][T27811] hsr_slave_0: entered promiscuous mode
[ 1789.440970][T27811] hsr_slave_1: entered promiscuous mode
[ 1789.447066][T27811] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1789.679278][T27811] Cannot create hsr debugfs directory
[ 1789.979007][T27317] usb 6-1: new high-speed USB device number 89 using dummy_hcd
[ 1790.149102][T27317] usb 6-1: Using ep0 maxpacket: 16
[ 1790.159709][T27317] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1790.192125][T27317] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1790.206578][T27317] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[ 1790.282224][T27317] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1790.309655][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1790.312768][T27317] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1790.383003][T28012] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1790.383003][T28012]    program syz.6.6069 not setting count and/or reply_len properly
[ 1790.501115][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1790.512614][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1790.530378][    T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[ 1790.539816][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1790.563526][    T9] usb 5-1: config 0 descriptor??
[ 1791.286134][T27317] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1791.295376][T27317] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1791.303500][T27317] usb 6-1: Manufacturer: syz
[ 1791.326147][T27317] usb 6-1: config 0 descriptor??
[ 1791.483147][    T9] kovaplus 0003:1E7D:2D50.0014: item fetching failed at offset 2/5
[ 1791.495868][    T9] kovaplus 0003:1E7D:2D50.0014: parse failed
[ 1791.502108][    T9] kovaplus 0003:1E7D:2D50.0014: probe with driver kovaplus failed with error -22
[ 1791.528451][T28017] Cannot find add_set index 0 as target
[ 1791.539944][T28017] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input119
[ 1791.593967][T27811] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1791.605067][T27811] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1791.614660][T27811] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1791.624996][T27811] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1791.697978][T27811] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1791.723416][T27811] 8021q: adding VLAN 0 to HW filter on device team0
[ 1791.727234][ T5893] usb 5-1: USB disconnect, device number 11
[ 1791.741043][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1791.748139][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1791.764698][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1791.771841][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1791.893403][T28029] input: syz0 as /devices/virtual/input/input120
[ 1791.950734][T27811] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1791.998694][T27811] veth0_vlan: entered promiscuous mode
[ 1792.011584][T27811] veth1_vlan: entered promiscuous mode
[ 1792.041425][T27811] veth0_macvtap: entered promiscuous mode
[ 1792.051607][T27811] veth1_macvtap: entered promiscuous mode
[ 1792.067106][T27811] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1792.081542][T27811] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1792.094553][T27811] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1792.104361][T27811] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1792.113786][T27811] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1792.122844][T27811] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1792.195370][T27049] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1792.250722][T27049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1792.287112][T17396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1792.302700][T17396] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1792.468736][T28034] FAULT_INJECTION: forcing a failure.
[ 1792.468736][T28034] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1792.482833][T28034] CPU: 0 UID: 0 PID: 28034 Comm: syz.3.6072 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1792.482857][T28034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1792.482868][T28034] Call Trace:
[ 1792.482873][T28034]  <TASK>
[ 1792.482880][T28034]  dump_stack_lvl+0x16c/0x1f0
[ 1792.482901][T28034]  should_fail_ex+0x512/0x640
[ 1792.482931][T28034]  _copy_to_user+0x32/0xd0
[ 1792.482951][T28034]  simple_read_from_buffer+0xcb/0x170
[ 1792.482980][T28034]  proc_fail_nth_read+0x197/0x270
[ 1792.483004][T28034]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1792.483028][T28034]  ? rw_verify_area+0xcf/0x680
[ 1792.483050][T28034]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1792.483073][T28034]  vfs_read+0x1e1/0xc60
[ 1792.483099][T28034]  ? __pfx___mutex_lock+0x10/0x10
[ 1792.483110][T28034]  ? __pfx_vfs_read+0x10/0x10
[ 1792.483129][T28034]  ? __fget_files+0x20e/0x3c0
[ 1792.483138][T28034]  ? static_key_count+0x20/0x70
[ 1792.483156][T28034]  ksys_read+0x12a/0x250
[ 1792.483178][T28034]  ? __pfx_ksys_read+0x10/0x10
[ 1792.483209][T28034]  do_syscall_64+0xcd/0x4c0
[ 1792.483227][T28034]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1792.483243][T28034] RIP: 0033:0x7f960af8d3bc
[ 1792.483252][T28034] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1792.483264][T28034] RSP: 002b:00007f9608db4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1792.483275][T28034] RAX: ffffffffffffffda RBX: 00007f960b1b6160 RCX: 00007f960af8d3bc
[ 1792.483281][T28034] RDX: 000000000000000f RSI: 00007f9608db40a0 RDI: 0000000000000004
[ 1792.483288][T28034] RBP: 00007f9608db4090 R08: 0000000000000000 R09: 0000000000000000
[ 1792.483295][T28034] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001
[ 1792.483301][T28034] R13: 0000000000000000 R14: 00007f960b1b6160 R15: 00007ffcc1e06478
[ 1792.483322][T28034]  </TASK>
[ 1792.935982][T28038] /dev/nullb0: Can't lookup blockdev
[ 1793.673798][T28053] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=28053 comm=syz.4.6076
[ 1793.720876][T27317] rc_core: IR keymap rc-hauppauge not found
[ 1793.726791][T27317] Registered IR keymap rc-empty
[ 1793.747443][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1793.869270][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1793.951643][T27317] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 1795.713270][T27317] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input121
[ 1795.919249][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1796.109254][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1796.624820][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1796.648961][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1796.788840][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1797.429278][T28074] 9pnet_fd: Insufficient options for proto=fd
[ 1797.599016][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1797.618965][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1797.627842][T28081] FAULT_INJECTION: forcing a failure.
[ 1797.627842][T28081] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1797.639145][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1797.646033][T28081] CPU: 0 UID: 0 PID: 28081 Comm: syz.0.6085 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1797.646055][T28081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1797.646065][T28081] Call Trace:
[ 1797.646070][T28081]  <TASK>
[ 1797.646077][T28081]  dump_stack_lvl+0x16c/0x1f0
[ 1797.646097][T28081]  should_fail_ex+0x512/0x640
[ 1797.646125][T28081]  _copy_from_user+0x2e/0xd0
[ 1797.646141][T28081]  memdup_user+0x6b/0xe0
[ 1797.646165][T28081]  strndup_user+0x78/0xe0
[ 1797.646188][T28081]  __x64_sys_mount+0x137/0x310
[ 1797.646206][T28081]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1797.646230][T28081]  do_syscall_64+0xcd/0x4c0
[ 1797.646247][T28081]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1797.646263][T28081] RIP: 0033:0x7f4e41f8e9a9
[ 1797.646277][T28081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1797.646291][T28081] RSP: 002b:00007f4e42ee0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1797.646311][T28081] RAX: ffffffffffffffda RBX: 00007f4e421b5fa0 RCX: 00007f4e41f8e9a9
[ 1797.646322][T28081] RDX: 0000200000000380 RSI: 0000200000000100 RDI: 0000200000000580
[ 1797.646332][T28081] RBP: 00007f4e42ee0090 R08: 0000200000000980 R09: 0000000000000000
[ 1797.646341][T28081] R10: 000000000081001f R11: 0000000000000246 R12: 0000000000000001
[ 1797.646351][T28081] R13: 0000000000000000 R14: 00007f4e421b5fa0 R15: 00007ffc66eda708
[ 1797.646372][T28081]  </TASK>
[ 1798.082173][T28083] ksmbd: Unknown IPC event: 3, ignore.
[ 1798.571241][T28094] FAULT_INJECTION: forcing a failure.
[ 1798.571241][T28094] name failslab, interval 1, probability 0, space 0, times 0
[ 1798.717788][T28094] CPU: 0 UID: 0 PID: 28094 Comm: syz.0.6086 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1798.717814][T28094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1798.717826][T28094] Call Trace:
[ 1798.717832][T28094]  <TASK>
[ 1798.717839][T28094]  dump_stack_lvl+0x16c/0x1f0
[ 1798.717860][T28094]  should_fail_ex+0x512/0x640
[ 1798.717886][T28094]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1798.717914][T28094]  should_failslab+0xc2/0x120
[ 1798.717931][T28094]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1798.717955][T28094]  ? __alloc_skb+0x2b2/0x380
[ 1798.717985][T28094]  __alloc_skb+0x2b2/0x380
[ 1798.718009][T28094]  ? __pfx___alloc_skb+0x10/0x10
[ 1798.718039][T28094]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1798.718063][T28094]  netlink_alloc_large_skb+0x69/0x130
[ 1798.718083][T28094]  netlink_sendmsg+0x6a1/0xdd0
[ 1798.718106][T28094]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1798.718134][T28094]  ____sys_sendmsg+0xa95/0xc70
[ 1798.718154][T28094]  ? copy_msghdr_from_user+0x10a/0x160
[ 1798.718170][T28094]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1798.718201][T28094]  ___sys_sendmsg+0x134/0x1d0
[ 1798.718218][T28094]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1798.718231][T28094]  ? __lock_acquire+0x622/0x1c90
[ 1798.718275][T28094]  __sys_sendmsg+0x16d/0x220
[ 1798.718291][T28094]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1798.718329][T28094]  do_syscall_64+0xcd/0x4c0
[ 1798.718347][T28094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1798.718364][T28094] RIP: 0033:0x7f4e41f8e9a9
[ 1798.718377][T28094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1798.718392][T28094] RSP: 002b:00007f4e42e9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1798.718409][T28094] RAX: ffffffffffffffda RBX: 00007f4e421b6160 RCX: 00007f4e41f8e9a9
[ 1798.718420][T28094] RDX: 0000000000000000 RSI: 0000200000002f80 RDI: 0000000000000005
[ 1798.718430][T28094] RBP: 00007f4e42e9e090 R08: 0000000000000000 R09: 0000000000000000
[ 1798.718439][T28094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1798.718449][T28094] R13: 0000000000000000 R14: 00007f4e421b6160 R15: 00007ffc66eda708
[ 1798.718471][T28094]  </TASK>
[ 1799.097833][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1800.198383][T28107] /dev/nullb0: Can't lookup blockdev
[ 1800.205348][T28105] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6091'.
[ 1800.219826][T27317] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 1800.255427][T27317] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[ 1800.283493][T27317] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1800.331483][T27317] usb 6-1: USB disconnect, device number 89
[ 1802.497957][T28133] FAULT_INJECTION: forcing a failure.
[ 1802.497957][T28133] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1802.606947][T28133] CPU: 0 UID: 0 PID: 28133 Comm: syz.3.6099 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1802.606973][T28133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1802.606984][T28133] Call Trace:
[ 1802.606990][T28133]  <TASK>
[ 1802.606997][T28133]  dump_stack_lvl+0x16c/0x1f0
[ 1802.607019][T28133]  should_fail_ex+0x512/0x640
[ 1802.607051][T28133]  _copy_to_user+0x32/0xd0
[ 1802.607071][T28133]  simple_read_from_buffer+0xcb/0x170
[ 1802.607099][T28133]  proc_fail_nth_read+0x197/0x270
[ 1802.607126][T28133]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1802.607153][T28133]  ? rw_verify_area+0xcf/0x680
[ 1802.607174][T28133]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1802.607196][T28133]  vfs_read+0x1e1/0xc60
[ 1802.607222][T28133]  ? __pfx___mutex_lock+0x10/0x10
[ 1802.607240][T28133]  ? __pfx_vfs_read+0x10/0x10
[ 1802.607286][T28133]  ? __fget_files+0x20e/0x3c0
[ 1802.607308][T28133]  ksys_read+0x12a/0x250
[ 1802.607332][T28133]  ? __pfx_ksys_read+0x10/0x10
[ 1802.607363][T28133]  do_syscall_64+0xcd/0x4c0
[ 1802.607382][T28133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1802.607400][T28133] RIP: 0033:0x7f960af8d3bc
[ 1802.607414][T28133] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1802.607431][T28133] RSP: 002b:00007f9608df6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1802.607447][T28133] RAX: ffffffffffffffda RBX: 00007f960b1b5fa0 RCX: 00007f960af8d3bc
[ 1802.607459][T28133] RDX: 000000000000000f RSI: 00007f9608df60a0 RDI: 0000000000000003
[ 1802.607470][T28133] RBP: 00007f9608df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1802.607481][T28133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1802.607491][T28133] R13: 0000000000000000 R14: 00007f960b1b5fa0 R15: 00007ffcc1e06478
[ 1802.607515][T28133]  </TASK>
[ 1804.177636][T28152] binder: BINDER_SET_CONTEXT_MGR already set
[ 1804.187867][T28152] binder: 28151:28152 ioctl 4018620d 200000000040 returned -16
[ 1804.434767][T28162] overlayfs: failed to resolve './file1': -2
[ 1806.539092][T28187] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=55 (110 ns) > initial count (64 ns). Using initial count to start timer.
[ 1806.902918][T28176] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1807.596093][T28199] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1807.596093][T28199]    program syz.0.6115 not setting count and/or reply_len properly
[ 1808.325916][T28191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1808.556558][T28204] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1808.556558][T28204]    program syz.6.6117 not setting count and/or reply_len properly
[ 1810.534462][    T9] usb 7-1: new full-speed USB device number 42 using dummy_hcd
[ 1810.760947][    T9] usb 7-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1810.848933][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1811.287481][    T9] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1811.297349][T28232] 9pnet_fd: Insufficient options for proto=fd
[ 1811.321816][    T9] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1811.341040][    T9] usb 7-1: Manufacturer: syz
[ 1811.386795][    T9] usb 7-1: config 0 descriptor??
[ 1811.650265][    T9] rc_core: IR keymap rc-hauppauge not found
[ 1811.791359][    T9] Registered IR keymap rc-empty
[ 1811.796858][    T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[ 1811.829186][    T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input123
[ 1812.133034][T28239] FAULT_INJECTION: forcing a failure.
[ 1812.133034][T28239] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1812.157354][T28239] CPU: 0 UID: 0 PID: 28239 Comm: syz.0.6126 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1812.157379][T28239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1812.157390][T28239] Call Trace:
[ 1812.157396][T28239]  <TASK>
[ 1812.157403][T28239]  dump_stack_lvl+0x16c/0x1f0
[ 1812.157423][T28239]  should_fail_ex+0x512/0x640
[ 1812.157462][T28239]  _copy_from_user+0x2e/0xd0
[ 1812.157481][T28239]  copy_msghdr_from_user+0x98/0x160
[ 1812.157499][T28239]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1812.157530][T28239]  ? kfree+0x24f/0x4d0
[ 1812.157551][T28239]  ? __lock_acquire+0x622/0x1c90
[ 1812.157572][T28239]  ___sys_recvmsg+0xdb/0x1a0
[ 1812.157589][T28239]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1812.157621][T28239]  ? __pfx___might_resched+0x10/0x10
[ 1812.157650][T28239]  do_recvmmsg+0x2fe/0x750
[ 1812.157670][T28239]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1812.157692][T28239]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1812.157719][T28239]  ? __fget_files+0x20e/0x3c0
[ 1812.157743][T28239]  __x64_sys_recvmmsg+0x22a/0x280
[ 1812.157762][T28239]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1812.157788][T28239]  do_syscall_64+0xcd/0x4c0
[ 1812.157808][T28239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1812.157827][T28239] RIP: 0033:0x7f4e41f8e9a9
[ 1812.157843][T28239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1812.157861][T28239] RSP: 002b:00007f4e42ee0038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1812.157878][T28239] RAX: ffffffffffffffda RBX: 00007f4e421b5fa0 RCX: 00007f4e41f8e9a9
[ 1812.157890][T28239] RDX: 0000000000000002 RSI: 0000200000000f80 RDI: 0000000000000003
[ 1812.157902][T28239] RBP: 00007f4e42ee0090 R08: 0000000000000000 R09: 0000000000000000
[ 1812.157913][T28239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1812.157924][T28239] R13: 0000000000000000 R14: 00007f4e421b5fa0 R15: 00007ffc66eda708
[ 1812.157948][T28239]  </TASK>
[ 1812.945603][    T9] usb 6-1: new high-speed USB device number 90 using dummy_hcd
[ 1813.020710][T28209] netlink: zone id is out of range
[ 1813.039777][T28209] netlink: zone id is out of range
[ 1813.045322][T28209] netlink: zone id is out of range
[ 1813.059127][T28209] netlink: zone id is out of range
[ 1813.067366][T28209] netlink: zone id is out of range
[ 1813.238970][    T9] usb 6-1: Using ep0 maxpacket: 16
[ 1813.353034][    T9] usb 6-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[ 1813.365255][    T9] usb 6-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58
[ 1813.374814][T28209] netlink: zone id is out of range
[ 1813.380915][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1813.389133][T28209] netlink: zone id is out of range
[ 1813.395105][    T9] usb 6-1: Product: syz
[ 1813.403791][    T9] usb 6-1: Manufacturer: syz
[ 1813.450854][    T9] usb 6-1: SerialNumber: syz
[ 1813.476667][T28258] overlayfs: failed to resolve './file1': -2
[ 1813.532615][T24248] Bluetooth: Unexpected continuation frame (len 16)
[ 1813.705509][T28209] netlink: set zone limit has 4 unknown bytes
[ 1813.729350][ T5940] usb 7-1: USB disconnect, device number 42
[ 1813.864044][T28263] vlan2: entered promiscuous mode
[ 1813.887322][T28263] bridge0: entered promiscuous mode
[ 1813.898122][T28263] vlan2: entered allmulticast mode
[ 1813.912523][T28263] bridge0: entered allmulticast mode
[ 1813.929961][T28264] bond0: (slave bond_slave_0): Releasing backup interface
[ 1813.946138][T28264] bond0: (slave bond_slave_1): Releasing backup interface
[ 1813.957940][T28264] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1813.969591][T28264] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1814.577230][T28269] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=28269 comm=syz.6.6136
[ 1815.969780][    T9] pn533_usb 6-1:5.0: NFC: Could not find bulk-in or bulk-out endpoint
[ 1816.038850][    T9] usb 6-1: USB disconnect, device number 90
[ 1816.168613][T28285] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1816.168613][T28285]    program syz.6.6142 not setting count and/or reply_len properly
[ 1816.913009][   T30] audit: type=1400 audit(2000000193.065:4110): avc:  denied  { accept } for  pid=28279 comm="syz.3.6141" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1817.199964][T13008] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1817.213146][T13008] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1817.222797][T13008] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1817.231203][T13008] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1817.240443][T13008] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1818.429774][T28302] FAULT_INJECTION: forcing a failure.
[ 1818.429774][T28302] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1818.442965][T28302] CPU: 1 UID: 0 PID: 28302 Comm: syz.3.6145 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1818.442989][T28302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1818.443000][T28302] Call Trace:
[ 1818.443006][T28302]  <TASK>
[ 1818.443013][T28302]  dump_stack_lvl+0x16c/0x1f0
[ 1818.443035][T28302]  should_fail_ex+0x512/0x640
[ 1818.443066][T28302]  _copy_from_user+0x2e/0xd0
[ 1818.443085][T28302]  move_addr_to_kernel+0x65/0x170
[ 1818.443110][T28302]  __copy_msghdr+0x386/0x470
[ 1818.443139][T28302]  copy_msghdr_from_user+0xc1/0x160
[ 1818.443155][T28302]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1818.443187][T28302]  ? __lock_acquire+0xb8a/0x1c90
[ 1818.443211][T28302]  ___sys_sendmsg+0xfe/0x1d0
[ 1818.443229][T28302]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1818.443278][T28302]  __sys_sendmsg+0x16d/0x220
[ 1818.443296][T28302]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1818.443329][T28302]  do_syscall_64+0xcd/0x4c0
[ 1818.443350][T28302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1818.443368][T28302] RIP: 0033:0x7f960af8e9a9
[ 1818.443382][T28302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1818.443404][T28302] RSP: 002b:00007f9608db4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1818.443422][T28302] RAX: ffffffffffffffda RBX: 00007f960b1b6160 RCX: 00007f960af8e9a9
[ 1818.443434][T28302] RDX: 00000000000000ee RSI: 00002000000001c0 RDI: 0000000000000006
[ 1818.443445][T28302] RBP: 00007f9608db4090 R08: 0000000000000000 R09: 0000000000000000
[ 1818.443456][T28302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1818.443467][T28302] R13: 0000000000000000 R14: 00007f960b1b6160 R15: 00007ffcc1e06478
[ 1818.443491][T28302]  </TASK>
[ 1818.742757][T28298] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1818.853921][T28289] chnl_net:caif_netlink_parms(): no params data found
[ 1819.204162][T28312] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 1819.273717][   T30] audit: type=1326 audit(2000000195.425:4111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28311 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1819.308125][T13008] Bluetooth: Unexpected continuation frame (len 16)
[ 1819.319413][T24248] Bluetooth: hci2: command tx timeout
[ 1819.353473][   T30] audit: type=1326 audit(2000000195.445:4112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28311 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1819.395690][   T30] audit: type=1400 audit(2000000195.445:4113): avc:  denied  { ioctl } for  pid=28311 comm="+}[@" path="socket:[118407]" dev="sockfs" ino=118407 ioctlcmd=0x6618 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1819.421072][   T30] audit: type=1326 audit(2000000195.445:4114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28311 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1819.446525][   T30] audit: type=1326 audit(2000000195.455:4115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28311 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1819.474715][   T30] audit: type=1326 audit(2000000195.455:4116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28311 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1819.530500][   T30] audit: type=1326 audit(2000000195.455:4117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28311 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1819.554003][   T30] audit: type=1326 audit(2000000195.455:4118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28311 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1819.580218][   T30] audit: type=1326 audit(2000000195.455:4119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28311 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc0e8f8d310 code=0x7ffc0000
[ 1819.761256][T28329] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1819.770293][T28329] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1820.739968][ T7990] bond0 (unregistering): Released all slaves
[ 1820.953145][ T7990] bond1 (unregistering): Released all slaves
[ 1821.419545][T13008] Bluetooth: hci2: command tx timeout
[ 1821.562657][T28289] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1821.582664][T28289] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1821.589982][T28289] bridge_slave_0: entered allmulticast mode
[ 1821.598043][T28289] bridge_slave_0: entered promiscuous mode
[ 1821.619007][T28317] siw: device registration error -23
[ 1821.620890][T28289] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1821.633262][T28289] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1821.658985][T28289] bridge_slave_1: entered allmulticast mode
[ 1821.676981][T28289] bridge_slave_1: entered promiscuous mode
[ 1821.695031][ T7990] : left promiscuous mode
[ 1821.961011][T28355] binder: 28351:28355 ioctl c0306201 200000000080 returned -14
[ 1821.987184][T28356] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6158'.
[ 1822.006259][T28289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1822.009090][T28350] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6157'.
[ 1822.472042][T28356] team0 (unregistering): Port device team_slave_0 removed
[ 1822.536337][T28356] team0 (unregistering): Port device team_slave_1 removed
[ 1822.566863][T28289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1822.726769][ T7990] hsr_slave_0: left promiscuous mode
[ 1822.733306][ T7990] hsr_slave_1: left promiscuous mode
[ 1822.817390][T13008] Bluetooth: Unexpected continuation frame (len 16)
[ 1822.976559][T13008] Bluetooth: Unexpected continuation frame (len 16)
[ 1823.478870][T13008] Bluetooth: hci2: command tx timeout
[ 1824.469036][ T5913] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[ 1824.680234][ T5913] usb 4-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[ 1824.728940][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1824.740143][ T5913] usb 4-1: Product: syz
[ 1824.765331][ T5913] usb 4-1: Manufacturer: syz
[ 1824.771129][ T5913] usb 4-1: SerialNumber: syz
[ 1824.779776][ T5913] usb 4-1: config 0 descriptor??
[ 1824.788548][ T5913] usb 4-1: interface 1 not found
[ 1824.965229][T28396] FAULT_INJECTION: forcing a failure.
[ 1824.965229][T28396] name failslab, interval 1, probability 0, space 0, times 0
[ 1824.978913][T28396] CPU: 0 UID: 0 PID: 28396 Comm: syz.5.6169 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1824.978938][T28396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1824.978948][T28396] Call Trace:
[ 1824.978954][T28396]  <TASK>
[ 1824.978962][T28396]  dump_stack_lvl+0x16c/0x1f0
[ 1824.978982][T28396]  should_fail_ex+0x512/0x640
[ 1824.979009][T28396]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1824.979039][T28396]  should_failslab+0xc2/0x120
[ 1824.979056][T28396]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1824.979081][T28396]  ? getname_flags.part.0+0x4c/0x550
[ 1824.979107][T28396]  getname_flags.part.0+0x4c/0x550
[ 1824.979131][T28396]  getname_flags+0x93/0xf0
[ 1824.979156][T28396]  do_sys_openat2+0xb8/0x1d0
[ 1824.979175][T28396]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1824.979197][T28396]  ? trace_irq_enable.constprop.0+0x2f/0x120
[ 1824.979223][T28396]  __x64_sys_openat+0x174/0x210
[ 1824.979243][T28396]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1824.979268][T28396]  ? trace_irq_enable.constprop.0+0x2f/0x120
[ 1824.979294][T28396]  do_syscall_64+0xcd/0x4c0
[ 1824.979313][T28396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1824.979331][T28396] RIP: 0033:0x7f4751b8d310
[ 1824.979351][T28396] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 1824.979367][T28396] RSP: 002b:00007f474f9d2ef0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1824.979385][T28396] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4751b8d310
[ 1824.979396][T28396] RDX: 0000000000000002 RSI: 00007f4751c10a44 RDI: 00000000ffffff9c
[ 1824.979407][T28396] RBP: 00007f4751c10a44 R08: 0000000000000000 R09: 0000000000000000
[ 1824.979418][T28396] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1824.979428][T28396] R13: 0000000000000036 R14: 0000200000000000 R15: 00007ffca3b51d38
[ 1824.979452][T28396]  </TASK>
[ 1825.003395][T28388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1825.246649][T28388] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1825.297708][T28289] team0: Port device team_slave_0 added
[ 1825.439383][T28289] team0: Port device team_slave_1 added
[ 1825.446153][T28388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1825.558874][T13008] Bluetooth: hci2: command tx timeout
[ 1826.036618][T28388] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1826.160200][T28289] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1826.167150][T28289] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1826.195684][T28388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1826.207609][T28388] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1826.231614][T28289] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1826.251825][T28289] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1826.258953][T28289] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1826.285540][T28289] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1826.391805][    T9] usb 4-1: USB disconnect, device number 102
[ 1826.403013][T28289] hsr_slave_0: entered promiscuous mode
[ 1826.412828][T28289] hsr_slave_1: entered promiscuous mode
[ 1826.418987][T28289] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1826.426549][T28289] Cannot create hsr debugfs directory
[ 1826.476326][ T7990] IPVS: stop unused estimator thread 0...
[ 1826.763156][T28408] FAULT_INJECTION: forcing a failure.
[ 1826.763156][T28408] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1826.778953][T28408] CPU: 0 UID: 0 PID: 28408 Comm: syz.5.6173 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1826.778980][T28408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1826.778990][T28408] Call Trace:
[ 1826.778996][T28408]  <TASK>
[ 1826.779003][T28408]  dump_stack_lvl+0x16c/0x1f0
[ 1826.779026][T28408]  should_fail_ex+0x512/0x640
[ 1826.779057][T28408]  _copy_from_user+0x2e/0xd0
[ 1826.779077][T28408]  do_sock_getsockopt+0x3ca/0x440
[ 1826.779105][T28408]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1826.779125][T28408]  ? __fget_files+0x204/0x3c0
[ 1826.779153][T28408]  __sys_getsockopt+0x12f/0x260
[ 1826.779186][T28408]  __x64_sys_getsockopt+0xbd/0x160
[ 1826.779211][T28408]  ? do_syscall_64+0x91/0x4c0
[ 1826.779228][T28408]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1826.779254][T28408]  do_syscall_64+0xcd/0x4c0
[ 1826.779273][T28408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1826.779291][T28408] RIP: 0033:0x7f4751b8e9a9
[ 1826.779306][T28408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1826.779322][T28408] RSP: 002b:00007f474f9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1826.779338][T28408] RAX: ffffffffffffffda RBX: 00007f4751db5fa0 RCX: 00007f4751b8e9a9
[ 1826.779349][T28408] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000004
[ 1826.779358][T28408] RBP: 00007f474f9f6090 R08: 0000200000000180 R09: 0000000000000000
[ 1826.779367][T28408] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[ 1826.779376][T28408] R13: 0000000000000000 R14: 00007f4751db5fa0 R15: 00007ffca3b51d38
[ 1826.779398][T28408]  </TASK>
[ 1826.819359][T28289] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1827.058741][T28289] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1827.087187][T28289] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1827.113411][T28289] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1827.389476][T17105] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[ 1827.629163][T17105] usb 7-1: Using ep0 maxpacket: 16
[ 1827.640910][T17105] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1827.653522][T17105] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1827.813997][T28289] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1828.257346][T28289] 8021q: adding VLAN 0 to HW filter on device team0
[ 1828.279655][ T7990] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1828.286702][ T7990] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1828.318185][T17105] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1828.344350][ T7990] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1828.351450][ T7990] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1828.428541][T17105] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1828.452206][T13008] Bluetooth: Unexpected continuation frame (len 16)
[ 1828.499146][T17105] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1828.513134][T17105] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1828.529066][T17105] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1828.537287][T17105] usb 7-1: Manufacturer: syz
[ 1828.566056][T17105] usb 7-1: config 0 descriptor??
[ 1828.737515][T28289] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1828.844494][T28442] xt_AUDIT: Audit type out of range (valid range: 0..2)
[ 1829.863979][T28289] veth0_vlan: entered promiscuous mode
[ 1829.904358][T28289] veth1_vlan: entered promiscuous mode
[ 1829.963088][T28460] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.6182'.
[ 1829.990618][T28289] veth0_macvtap: entered promiscuous mode
[ 1830.005741][T28460] No control pipe specified
[ 1830.011643][T28289] veth1_macvtap: entered promiscuous mode
[ 1830.052793][T28289] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1830.100054][T28289] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1830.128169][T28289] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1830.145080][T28289] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1830.155451][T28289] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1830.171836][T28289] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1830.199123][   T30] kauditd_printk_skb: 24 callbacks suppressed
[ 1830.199137][   T30] audit: type=1400 audit(2000000206.356:4144): avc:  denied  { write } for  pid=28459 comm="syz.3.6182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 1830.663489][   T30] audit: type=1326 audit(2000000206.816:4145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28467 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1830.686560][T17105] rc_core: IR keymap rc-hauppauge not found
[ 1830.686575][T17105] Registered IR keymap rc-empty
[ 1830.686670][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1830.703996][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1830.730199][T17105] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[ 1830.772228][T17396] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1830.783021][   T30] audit: type=1326 audit(2000000206.816:4146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28467 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1830.793749][T17105] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input124
[ 1830.815904][   T30] audit: type=1326 audit(2000000206.816:4147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28467 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1830.828939][T17396] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1830.853773][   T30] audit: type=1326 audit(2000000206.816:4148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28467 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1830.891532][T27311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1830.902158][T27311] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1830.912058][   T30] audit: type=1326 audit(2000000206.816:4149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28467 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1830.982296][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1830.990066][   T30] audit: type=1326 audit(2000000206.816:4150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28467 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1831.014378][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1831.023651][   T10] usb 6-1: new high-speed USB device number 91 using dummy_hcd
[ 1831.024045][   T30] audit: type=1326 audit(2000000206.816:4151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28467 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1831.107865][   T30] audit: type=1326 audit(2000000206.816:4152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28467 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1831.176583][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1831.184985][   T30] audit: type=1326 audit(2000000206.846:4153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28467 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0e8f8e9a9 code=0x7ffc0000
[ 1831.212848][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1832.146388][   T10] usb 6-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[ 1832.172942][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1832.204906][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1832.256712][   T10] usb 6-1: Product: syz
[ 1832.304346][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1832.336534][   T10] usb 6-1: Manufacturer: syz
[ 1832.393726][   T10] usb 6-1: SerialNumber: syz
[ 1832.407073][T28494] siw: device registration error -23
[ 1832.421145][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1832.438398][   T10] usb 6-1: config 0 descriptor??
[ 1832.453671][   T10] usb 6-1: interface 1 not found
[ 1832.469457][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1832.489364][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1832.510016][T17105] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1832.530281][T17105] mceusb 7-1:0.0: Registered  with mce emulator interface version 1
[ 1832.541459][T28498] netlink: 'syz.3.6192': attribute type 7 has an invalid length.
[ 1832.549407][T28498] netlink: 'syz.3.6192': attribute type 8 has an invalid length.
[ 1832.563527][T17105] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1832.577386][T17105] usb 7-1: USB disconnect, device number 43
[ 1832.653516][T28476] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1832.662466][T28476] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1832.672833][T28476] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1832.681551][T28476] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1832.690493][T28476] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1832.699745][T28476] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1832.806280][   T10] usb 6-1: USB disconnect, device number 91
[ 1833.488195][T28495] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1833.717884][T28515] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1833.717884][T28515]    program syz.5.6194 not setting count and/or reply_len properly
[ 1835.059209][T27317] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[ 1835.355441][T28525] FAULT_INJECTION: forcing a failure.
[ 1835.355441][T28525] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1835.369473][T28525] CPU: 0 UID: 0 PID: 28525 Comm: syz.0.6199 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1835.369497][T28525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1835.369508][T28525] Call Trace:
[ 1835.369514][T28525]  <TASK>
[ 1835.369521][T28525]  dump_stack_lvl+0x16c/0x1f0
[ 1835.369542][T28525]  should_fail_ex+0x512/0x640
[ 1835.369570][T28525]  _copy_from_iter+0x29f/0x16f0
[ 1835.369585][T28525]  ? __pfx__copy_from_iter+0x10/0x10
[ 1835.369597][T28525]  ? rcu_is_watching+0x12/0xc0
[ 1835.369611][T28525]  ? trace_kmalloc+0x2b/0xd0
[ 1835.369628][T28525]  ? __kmalloc_noprof+0x242/0x510
[ 1835.369658][T28525]  kernfs_fop_write_iter+0x19a/0x510
[ 1835.369685][T28525]  vfs_write+0x6c4/0x1150
[ 1835.369707][T28525]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1835.369723][T28525]  ? __pfx___mutex_lock+0x10/0x10
[ 1835.369734][T28525]  ? __pfx_vfs_write+0x10/0x10
[ 1835.369752][T28525]  ? __rcu_read_unlock+0x2b4/0x580
[ 1835.369774][T28525]  ksys_write+0x12a/0x250
[ 1835.369798][T28525]  ? __pfx_ksys_write+0x10/0x10
[ 1835.369829][T28525]  do_syscall_64+0xcd/0x4c0
[ 1835.369846][T28525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1835.369859][T28525] RIP: 0033:0x7f4e41f8e9a9
[ 1835.369868][T28525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1835.369879][T28525] RSP: 002b:00007f4e42ebf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1835.369890][T28525] RAX: ffffffffffffffda RBX: 00007f4e421b6080 RCX: 00007f4e41f8e9a9
[ 1835.369897][T28525] RDX: 0000000000000012 RSI: 0000200000000040 RDI: 0000000000000007
[ 1835.369904][T28525] RBP: 00007f4e42ebf090 R08: 0000000000000000 R09: 0000000000000000
[ 1835.369912][T28525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1835.369922][T28525] R13: 0000000000000000 R14: 00007f4e421b6080 R15: 00007ffc66eda708
[ 1835.369946][T28525]  </TASK>
[ 1835.440836][T28522] FAULT_INJECTION: forcing a failure.
[ 1835.440836][T28522] name failslab, interval 1, probability 0, space 0, times 0
[ 1835.514472][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1835.859286][T28522] CPU: 0 UID: 0 PID: 28522 Comm: syz.6.6198 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1835.859315][T28522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1835.859326][T28522] Call Trace:
[ 1835.859333][T28522]  <TASK>
[ 1835.859340][T28522]  dump_stack_lvl+0x16c/0x1f0
[ 1835.859361][T28522]  should_fail_ex+0x512/0x640
[ 1835.859388][T28522]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1835.859417][T28522]  should_failslab+0xc2/0x120
[ 1835.859432][T28522]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1835.859455][T28522]  ? __alloc_skb+0x2b2/0x380
[ 1835.859481][T28522]  __alloc_skb+0x2b2/0x380
[ 1835.859503][T28522]  ? __pfx___alloc_skb+0x10/0x10
[ 1835.859526][T28522]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1835.859548][T28522]  netlink_alloc_large_skb+0x69/0x130
[ 1835.859566][T28522]  netlink_sendmsg+0x6a1/0xdd0
[ 1835.859586][T28522]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1835.859612][T28522]  ____sys_sendmsg+0xa95/0xc70
[ 1835.859631][T28522]  ? copy_msghdr_from_user+0x10a/0x160
[ 1835.859644][T28522]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1835.859671][T28522]  ___sys_sendmsg+0x134/0x1d0
[ 1835.859686][T28522]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1835.859698][T28522]  ? __lock_acquire+0x622/0x1c90
[ 1835.859738][T28522]  __sys_sendmsg+0x16d/0x220
[ 1835.859753][T28522]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1835.859779][T28522]  do_syscall_64+0xcd/0x4c0
[ 1835.859794][T28522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1835.859809][T28522] RIP: 0033:0x7fc0e8f8e9a9
[ 1835.859821][T28522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1835.859835][T28522] RSP: 002b:00007fc0e9dea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1835.859850][T28522] RAX: ffffffffffffffda RBX: 00007fc0e91b5fa0 RCX: 00007fc0e8f8e9a9
[ 1835.859860][T28522] RDX: 000000000000c000 RSI: 0000200000000300 RDI: 0000000000000003
[ 1835.859870][T28522] RBP: 00007fc0e9dea090 R08: 0000000000000000 R09: 0000000000000000
[ 1835.859879][T28522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1835.859888][T28522] R13: 0000000000000000 R14: 00007fc0e91b5fa0 R15: 00007ffe36000b58
[ 1835.859907][T28522]  </TASK>
[ 1836.226000][T27317] usb 4-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[ 1836.235328][T27317] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1836.246041][T27317] usb 4-1: Product: syz
[ 1836.314913][T27317] usb 4-1: Manufacturer: syz
[ 1836.473031][T27317] usb 4-1: SerialNumber: syz
[ 1837.477316][T27317] usb 4-1: config 0 descriptor??
[ 1837.527802][T28547] siw: device registration error -23
[ 1837.548433][   T30] kauditd_printk_skb: 27 callbacks suppressed
[ 1837.548449][   T30] audit: type=1326 audit(2000000213.703:4181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28546 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4751b8e9a9 code=0x7ffc0000
[ 1837.596885][T27317] usb 4-1: can't set config #0, error -71
[ 1837.615867][T27317] usb 4-1: USB disconnect, device number 103
[ 1837.750912][   T30] audit: type=1326 audit(2000000213.703:4182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28546 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4751b8e9a9 code=0x7ffc0000
[ 1838.301895][   T30] audit: type=1326 audit(2000000213.703:4183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28546 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4751b8e9a9 code=0x7ffc0000
[ 1838.325427][   T30] audit: type=1326 audit(2000000213.713:4184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28546 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7f4751b8e9a9 code=0x7ffc0000
[ 1838.348389][   T30] audit: type=1326 audit(2000000213.713:4185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28546 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4751b8e9a9 code=0x7ffc0000
[ 1838.420233][   T30] audit: type=1326 audit(2000000213.713:4186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28546 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4751b8e9a9 code=0x7ffc0000
[ 1838.463440][   T30] audit: type=1326 audit(2000000213.773:4187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28546 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4751b8e9a9 code=0x7ffc0000
[ 1838.549663][   T30] audit: type=1326 audit(2000000213.773:4188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28546 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4751b8e9a9 code=0x7ffc0000
[ 1838.574951][   T30] audit: type=1326 audit(2000000213.863:4189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28546 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f4751b8d60a code=0x7ffc0000
[ 1838.597744][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1838.987154][   T30] audit: type=1326 audit(2000000213.863:4190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28546 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f4751bc1265 code=0x7ffc0000
[ 1839.141375][T28568] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1839.384633][T28572] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1839.395500][T28572] overlayfs: missing 'lowerdir'
[ 1839.651093][T28578] FAULT_INJECTION: forcing a failure.
[ 1839.651093][T28578] name failslab, interval 1, probability 0, space 0, times 0
[ 1839.693293][T28578] CPU: 1 UID: 0 PID: 28578 Comm: syz.5.6214 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1839.693320][T28578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1839.693331][T28578] Call Trace:
[ 1839.693337][T28578]  <TASK>
[ 1839.693344][T28578]  dump_stack_lvl+0x16c/0x1f0
[ 1839.693366][T28578]  should_fail_ex+0x512/0x640
[ 1839.693392][T28578]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1839.693423][T28578]  should_failslab+0xc2/0x120
[ 1839.693441][T28578]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1839.693467][T28578]  ? __alloc_skb+0x2b2/0x380
[ 1839.693497][T28578]  __alloc_skb+0x2b2/0x380
[ 1839.693522][T28578]  ? __pfx___alloc_skb+0x10/0x10
[ 1839.693551][T28578]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1839.693578][T28578]  netlink_alloc_large_skb+0x69/0x130
[ 1839.693600][T28578]  netlink_sendmsg+0x6a1/0xdd0
[ 1839.693624][T28578]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1839.693654][T28578]  ____sys_sendmsg+0xa95/0xc70
[ 1839.693677][T28578]  ? copy_msghdr_from_user+0x10a/0x160
[ 1839.693694][T28578]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1839.693727][T28578]  ___sys_sendmsg+0x134/0x1d0
[ 1839.693746][T28578]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1839.693760][T28578]  ? __lock_acquire+0x622/0x1c90
[ 1839.693807][T28578]  __sys_sendmsg+0x16d/0x220
[ 1839.693825][T28578]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1839.693858][T28578]  do_syscall_64+0xcd/0x4c0
[ 1839.693877][T28578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1839.693896][T28578] RIP: 0033:0x7f4751b8e9a9
[ 1839.693912][T28578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1839.693929][T28578] RSP: 002b:00007f474f9f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1839.693947][T28578] RAX: ffffffffffffffda RBX: 00007f4751db5fa0 RCX: 00007f4751b8e9a9
[ 1839.693958][T28578] RDX: 0000000020004800 RSI: 00002000000001c0 RDI: 0000000000000003
[ 1839.693976][T28578] RBP: 00007f474f9f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1839.693987][T28578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1839.693998][T28578] R13: 0000000000000000 R14: 00007f4751db5fa0 R15: 00007ffca3b51d38
[ 1839.694022][T28578]  </TASK>
[ 1839.912907][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1840.018606][T28584] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1840.018606][T28584]    program syz.6.6216 not setting count and/or reply_len properly
[ 1841.108652][T28588] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=28588 comm=syz.3.6219
[ 1841.877707][T28598] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=28598 comm=syz.4.6221
[ 1842.058702][T28583] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1842.186304][T28602] FAULT_INJECTION: forcing a failure.
[ 1842.186304][T28602] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1842.200249][T28602] CPU: 0 UID: 0 PID: 28602 Comm: syz.3.6222 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1842.200272][T28602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1842.200281][T28602] Call Trace:
[ 1842.200285][T28602]  <TASK>
[ 1842.200289][T28602]  dump_stack_lvl+0x16c/0x1f0
[ 1842.200304][T28602]  should_fail_ex+0x512/0x640
[ 1842.200323][T28602]  _copy_from_user+0x2e/0xd0
[ 1842.200335][T28602]  kstrtouint_from_user+0xd6/0x1d0
[ 1842.200349][T28602]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1842.200363][T28602]  ? __lock_acquire+0xb8a/0x1c90
[ 1842.200380][T28602]  proc_fail_nth_write+0x83/0x250
[ 1842.200397][T28602]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1842.200416][T28602]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1842.200432][T28602]  vfs_write+0x2a0/0x1150
[ 1842.200450][T28602]  ? __pfx___mutex_lock+0x10/0x10
[ 1842.200461][T28602]  ? __pfx_vfs_write+0x10/0x10
[ 1842.200480][T28602]  ? __fget_files+0x20e/0x3c0
[ 1842.200494][T28602]  ksys_write+0x12a/0x250
[ 1842.200510][T28602]  ? __pfx_ksys_write+0x10/0x10
[ 1842.200525][T28602]  ? xfd_validate_state+0x61/0x180
[ 1842.200544][T28602]  do_syscall_64+0xcd/0x4c0
[ 1842.200556][T28602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1842.200568][T28602] RIP: 0033:0x7f960af8d45f
[ 1842.200578][T28602] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1842.200589][T28602] RSP: 002b:00007f9608db4030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1842.200600][T28602] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f960af8d45f
[ 1842.200607][T28602] RDX: 0000000000000001 RSI: 00007f9608db40a0 RDI: 0000000000000005
[ 1842.200613][T28602] RBP: 00007f9608db4090 R08: 0000000000000000 R09: 0000000000000000
[ 1842.200620][T28602] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1842.200626][T28602] R13: 0000000000000001 R14: 00007f960b1b6160 R15: 00007ffcc1e06478
[ 1842.200640][T28602]  </TASK>
[ 1843.892320][T28637] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1843.892320][T28637]    program syz.4.6234 not setting count and/or reply_len properly
[ 1844.888504][T28632] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6233'.
[ 1845.359847][T28643] : entered promiscuous mode
[ 1845.873312][T28646] netlink: 48 bytes leftover after parsing attributes in process `syz.5.6236'.
[ 1846.811277][T13008] Bluetooth: Unexpected continuation frame (len 16)
[ 1846.955460][   T30] kauditd_printk_skb: 8 callbacks suppressed
[ 1846.955475][   T30] audit: type=1400 audit(2000000223.113:4199): avc:  denied  { ioctl } for  pid=28661 comm="syz.6.6242" path="<too_long>" dev="cgroup2" ino=454 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1847.616532][T28674] xt_hashlimit: size too large, truncated to 1048576
[ 1847.633834][T17105] usb 7-1: new full-speed USB device number 44 using dummy_hcd
[ 1847.726326][T28659] delete_channel: no stack
[ 1847.821297][T17105] usb 7-1: config 1 interface 0 altsetting 23 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1847.843763][T17105] usb 7-1: config 1 interface 0 altsetting 23 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1847.885128][T28680] FAULT_INJECTION: forcing a failure.
[ 1847.885128][T28680] name failslab, interval 1, probability 0, space 0, times 0
[ 1847.908375][T17105] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[ 1847.914677][T28680] CPU: 1 UID: 0 PID: 28680 Comm: syz.3.6246 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1847.914700][T28680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1847.914711][T28680] Call Trace:
[ 1847.914717][T28680]  <TASK>
[ 1847.914723][T28680]  dump_stack_lvl+0x16c/0x1f0
[ 1847.914742][T28680]  should_fail_ex+0x512/0x640
[ 1847.914766][T28680]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1847.914792][T28680]  should_failslab+0xc2/0x120
[ 1847.914807][T28680]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1847.914830][T28680]  ? __alloc_skb+0x2b2/0x380
[ 1847.914858][T28680]  __alloc_skb+0x2b2/0x380
[ 1847.914880][T28680]  ? __pfx___alloc_skb+0x10/0x10
[ 1847.914914][T28680]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1847.914937][T28680]  netlink_alloc_large_skb+0x69/0x130
[ 1847.914956][T28680]  netlink_sendmsg+0x6a1/0xdd0
[ 1847.914978][T28680]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1847.915004][T28680]  ____sys_sendmsg+0xa95/0xc70
[ 1847.915025][T28680]  ? copy_msghdr_from_user+0x10a/0x160
[ 1847.915040][T28680]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1847.915070][T28680]  ___sys_sendmsg+0x134/0x1d0
[ 1847.915086][T28680]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1847.915099][T28680]  ? __lock_acquire+0x622/0x1c90
[ 1847.915141][T28680]  __sys_sendmsg+0x16d/0x220
[ 1847.915156][T28680]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1847.915186][T28680]  do_syscall_64+0xcd/0x4c0
[ 1847.915204][T28680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1847.915219][T28680] RIP: 0033:0x7f960af8e9a9
[ 1847.915232][T28680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1847.915247][T28680] RSP: 002b:00007f9608df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1847.915266][T28680] RAX: ffffffffffffffda RBX: 00007f960b1b5fa0 RCX: 00007f960af8e9a9
[ 1847.915276][T28680] RDX: 0000000020004804 RSI: 0000200000006040 RDI: 0000000000000006
[ 1847.915286][T28680] RBP: 00007f9608df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1847.915295][T28680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1847.915304][T28680] R13: 0000000000000000 R14: 00007f960b1b5fa0 R15: 00007ffcc1e06478
[ 1847.915326][T28680]  </TASK>
[ 1848.210976][T17105] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[ 1848.226453][T17105] usb 7-1: config 1 interface 0 has no altsetting 0
[ 1848.339030][T17105] usb 7-1: New USB device found, idVendor=0525, idProduct=a6a1, bcdDevice= 0.40
[ 1848.349217][T17105] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1848.357556][T17105] usb 7-1: Product: syz
[ 1848.365611][T17105] usb 7-1: Manufacturer: syz
[ 1848.709214][T17105] usb 7-1: SerialNumber: syz
[ 1848.742268][T28671] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1848.783982][T17105] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[ 1848.804212][T17105] cdc_ncm 7-1:1.1: bind() failure
[ 1849.106672][T28700] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6251'.
[ 1851.049330][T17105] usb 7-1: USB disconnect, device number 44
[ 1851.349416][T28733] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1851.349416][T28733]    program syz.4.6261 not setting count and/or reply_len properly
[ 1852.783958][T28746] siw: device registration error -23
[ 1852.836491][   T30] audit: type=1326 audit(2000000228.993:4200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28745 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdafab8e9a9 code=0x7ffc0000
[ 1852.868268][   T30] audit: type=1326 audit(2000000228.993:4201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28745 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdafab8e9a9 code=0x7ffc0000
[ 1852.894754][   T30] audit: type=1326 audit(2000000228.993:4202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28745 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdafab8e9a9 code=0x7ffc0000
[ 1852.921234][   T30] audit: type=1326 audit(2000000228.993:4203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28745 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdafab8e9a9 code=0x7ffc0000
[ 1852.944626][   T30] audit: type=1326 audit(2000000229.023:4204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28745 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7fdafab8e9a9 code=0x7ffc0000
[ 1852.978249][   T30] audit: type=1326 audit(2000000229.023:4205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28745 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdafab8e9a9 code=0x7ffc0000
[ 1853.002117][   T30] audit: type=1326 audit(2000000229.023:4206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28745 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdafab8e9a9 code=0x7ffc0000
[ 1853.029504][T28749] FAULT_INJECTION: forcing a failure.
[ 1853.029504][T28749] name failslab, interval 1, probability 0, space 0, times 0
[ 1853.043376][T28749] CPU: 0 UID: 0 PID: 28749 Comm: syz.3.6266 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1853.043401][T28749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1853.043412][T28749] Call Trace:
[ 1853.043418][T28749]  <TASK>
[ 1853.043424][T28749]  dump_stack_lvl+0x16c/0x1f0
[ 1853.043446][T28749]  should_fail_ex+0x512/0x640
[ 1853.043473][T28749]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1853.043502][T28749]  should_failslab+0xc2/0x120
[ 1853.043520][T28749]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1853.043547][T28749]  ? __alloc_skb+0x2b2/0x380
[ 1853.043579][T28749]  __alloc_skb+0x2b2/0x380
[ 1853.043605][T28749]  ? __pfx___alloc_skb+0x10/0x10
[ 1853.043634][T28749]  ? __lock_acquire+0x622/0x1c90
[ 1853.043655][T28749]  alloc_skb_with_frags+0xe0/0x860
[ 1853.043682][T28749]  sock_alloc_send_pskb+0x7fb/0x990
[ 1853.043708][T28749]  ? avc_has_perm_noaudit+0x117/0x3b0
[ 1853.043737][T28749]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1853.043761][T28749]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1853.043792][T28749]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1853.043817][T28749]  ? avc_has_perm+0x11a/0x1c0
[ 1853.043838][T28749]  ? __pfx_avc_has_perm+0x10/0x10
[ 1853.043871][T28749]  unix_dgram_sendmsg+0x3e9/0x17a0
[ 1853.043903][T28749]  ? __pfx_sock_has_perm+0x10/0x10
[ 1853.043930][T28749]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[ 1853.043956][T28749]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[ 1853.043982][T28749]  ? __import_iovec+0x1dd/0x650
[ 1853.043999][T28749]  ? __might_fault+0xe3/0x190
[ 1853.044024][T28749]  ? __might_fault+0x13b/0x190
[ 1853.044052][T28749]  unix_seqpacket_sendmsg+0x12a/0x1c0
[ 1853.044081][T28749]  ____sys_sendmsg+0xa95/0xc70
[ 1853.044103][T28749]  ? copy_msghdr_from_user+0x10a/0x160
[ 1853.044121][T28749]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1853.044147][T28749]  ? __pfx__kstrtoull+0x10/0x10
[ 1853.044175][T28749]  ___sys_sendmsg+0x134/0x1d0
[ 1853.044193][T28749]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1853.044221][T28749]  ? find_held_lock+0x2b/0x80
[ 1853.044263][T28749]  __sys_sendmmsg+0x200/0x420
[ 1853.044284][T28749]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1853.044309][T28749]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1853.044338][T28749]  ? fput+0x70/0xf0
[ 1853.044358][T28749]  ? ksys_write+0x1ac/0x250
[ 1853.044382][T28749]  ? __pfx_ksys_write+0x10/0x10
[ 1853.044412][T28749]  __x64_sys_sendmmsg+0x9c/0x100
[ 1853.044428][T28749]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1853.044455][T28749]  do_syscall_64+0xcd/0x4c0
[ 1853.044474][T28749]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1853.044493][T28749] RIP: 0033:0x7f960af8e9a9
[ 1853.044507][T28749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1853.044524][T28749] RSP: 002b:00007f9608dd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1853.044541][T28749] RAX: ffffffffffffffda RBX: 00007f960b1b6080 RCX: 00007f960af8e9a9
[ 1853.044552][T28749] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[ 1853.044563][T28749] RBP: 00007f9608dd5090 R08: 0000000000000000 R09: 0000000000000000
[ 1853.044573][T28749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1853.044584][T28749] R13: 0000000000000001 R14: 00007f960b1b6080 R15: 00007ffcc1e06478
[ 1853.044608][T28749]  </TASK>
[ 1853.369214][   T30] audit: type=1326 audit(2000000229.023:4207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28745 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdafab8d310 code=0x7ffc0000
[ 1853.392793][   T30] audit: type=1326 audit(2000000229.023:4208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28745 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdafab8e9a9 code=0x7ffc0000
[ 1853.416037][   T30] audit: type=1326 audit(2000000229.023:4209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28745 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdafab8e9a9 code=0x7ffc0000
[ 1853.803696][T28761] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[ 1854.164320][T28767] netlink: 256 bytes leftover after parsing attributes in process `syz.5.6272'.
[ 1854.460298][T28755] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1854.638975][T27317] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1854.833660][T28773] mkiss: ax0: crc mode is auto.
[ 1855.101773][T28776] FAULT_INJECTION: forcing a failure.
[ 1855.101773][T28776] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1855.128811][T27317] usb 5-1: Using ep0 maxpacket: 8
[ 1855.146724][T27317] usb 5-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1855.155898][T27317] usb 5-1: config 0 has an invalid interface number: 21 but max is 0
[ 1855.173011][T28776] CPU: 1 UID: 0 PID: 28776 Comm: syz.6.6275 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1855.173037][T28776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1855.173048][T28776] Call Trace:
[ 1855.173055][T28776]  <TASK>
[ 1855.173063][T28776]  dump_stack_lvl+0x16c/0x1f0
[ 1855.173086][T28776]  should_fail_ex+0x512/0x640
[ 1855.173124][T28776]  _copy_to_user+0x32/0xd0
[ 1855.173145][T28776]  simple_read_from_buffer+0xcb/0x170
[ 1855.173174][T28776]  proc_fail_nth_read+0x197/0x270
[ 1855.173203][T28776]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1855.173231][T28776]  ? rw_verify_area+0xcf/0x680
[ 1855.173254][T28776]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1855.173280][T28776]  vfs_read+0x1e1/0xc60
[ 1855.173310][T28776]  ? __pfx___mutex_lock+0x10/0x10
[ 1855.173328][T28776]  ? __pfx_vfs_read+0x10/0x10
[ 1855.173361][T28776]  ? __fget_files+0x20e/0x3c0
[ 1855.173386][T28776]  ksys_read+0x12a/0x250
[ 1855.173411][T28776]  ? __pfx_ksys_read+0x10/0x10
[ 1855.173445][T28776]  do_syscall_64+0xcd/0x4c0
[ 1855.173466][T28776]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1855.173485][T28776] RIP: 0033:0x7fc0e8f8d3bc
[ 1855.173501][T28776] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1855.173521][T28776] RSP: 002b:00007fc0e9dea030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1855.173540][T28776] RAX: ffffffffffffffda RBX: 00007fc0e91b5fa0 RCX: 00007fc0e8f8d3bc
[ 1855.173551][T28776] RDX: 000000000000000f RSI: 00007fc0e9dea0a0 RDI: 0000000000000006
[ 1855.173562][T28776] RBP: 00007fc0e9dea090 R08: 0000000000000000 R09: 0000000000000000
[ 1855.173573][T28776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1855.173583][T28776] R13: 0000000000000000 R14: 00007fc0e91b5fa0 R15: 00007ffe36000b58
[ 1855.173609][T28776]  </TASK>
[ 1855.570359][T27317] usb 5-1: config 0 has no interface number 0
[ 1855.603845][T27317] usb 5-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1855.665596][T27317] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 6779, setting to 64
[ 1855.729699][T27317] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[ 1855.779693][T27317] usb 5-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[ 1855.829882][T27317] usb 5-1: Product: syz
[ 1855.888555][T27317] usb 5-1: config 0 descriptor??
[ 1856.257403][T27317] usb 5-1: USB disconnect, device number 12
[ 1857.789042][T28815] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6285'.
[ 1858.868899][T27317] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[ 1859.037598][T27317] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1859.331476][T27317] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1859.365499][T27317] usb 4-1: config 0 descriptor??
[ 1860.028313][T28815] team0 (unregistering): Port device team_slave_0 removed
[ 1860.161981][T28852] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1860.161981][T28852]    program syz.0.6296 not setting count and/or reply_len properly
[ 1860.425492][T28815] team0 (unregistering): Port device team_slave_1 removed
[ 1860.718910][T28491] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[ 1860.749006][   T30] kauditd_printk_skb: 12 callbacks suppressed
[ 1860.749024][   T30] audit: type=1400 audit(2000000236.903:4222): avc:  denied  { mounton } for  pid=28857 comm="syz.0.6299" path="/49/file0" dev="tmpfs" ino=281 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1860.758961][T28858] ./file0: Can't open blockdev
[ 1861.069170][T28491] usb 6-1: Using ep0 maxpacket: 32
[ 1861.110344][T28491] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[ 1861.167919][T28491] usb 6-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[ 1861.185594][T28491] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1861.203012][T28491] usb 6-1: Product: syz
[ 1861.267221][T28862] lo: entered allmulticast mode
[ 1861.359089][T28491] usb 6-1: Manufacturer: syz
[ 1861.364061][T28491] usb 6-1: SerialNumber: syz
[ 1861.545884][T28491] usb 6-1: config 0 descriptor??
[ 1861.564444][T28854] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1861.583842][T28491] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input125
[ 1861.663055][T28860] lo: left allmulticast mode
[ 1861.731214][T27317] pegasus 4-1:0.0: probe with driver pegasus failed with error -110
[ 1863.326660][T28878] QAT: Device 7 not found
[ 1863.362686][T27317] usb 4-1: USB disconnect, device number 104
[ 1864.241473][T28891] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1864.251261][T28891] overlayfs: missing 'lowerdir'
[ 1864.447381][T28491] usb 6-1: USB disconnect, device number 92
[ 1864.453466][    C0] usbtouchscreen 6-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[ 1864.666502][T28895] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1864.666502][T28895]    program syz.3.6309 not setting count and/or reply_len properly
[ 1864.956103][ T7990] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1864.987699][   T30] audit: type=1400 audit(2000000241.133:4223): avc:  denied  { mounton } for  pid=28896 comm="syz.6.6311" path="/440/file0" dev="configfs" ino=1197 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1865.113585][T28901] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6312'.
[ 1865.370084][T17105] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 1866.015157][T17105] usb 7-1: device descriptor read/64, error -71
[ 1866.077536][T28912] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6307'.
[ 1866.148891][ T5893] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[ 1866.264321][T28915] FAULT_INJECTION: forcing a failure.
[ 1866.264321][T28915] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1866.281233][T28915] CPU: 0 UID: 0 PID: 28915 Comm: syz.3.6315 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1866.281259][T28915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1866.281271][T28915] Call Trace:
[ 1866.281277][T28915]  <TASK>
[ 1866.281285][T28915]  dump_stack_lvl+0x16c/0x1f0
[ 1866.281307][T28915]  should_fail_ex+0x512/0x640
[ 1866.281339][T28915]  _copy_from_user+0x2e/0xd0
[ 1866.281359][T28915]  core_sys_select+0x35b/0xc10
[ 1866.281393][T28915]  ? __pfx_core_sys_select+0x10/0x10
[ 1866.281446][T28915]  ? set_user_sigmask+0x21b/0x2b0
[ 1866.281468][T28915]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1866.281494][T28915]  do_pselect.constprop.0+0x19f/0x1e0
[ 1866.281523][T28915]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[ 1866.281561][T28915]  __x64_sys_pselect6+0x182/0x240
[ 1866.281590][T28915]  ? __pfx___x64_sys_pselect6+0x10/0x10
[ 1866.281625][T28915]  do_syscall_64+0xcd/0x4c0
[ 1866.281646][T28915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1866.281664][T28915] RIP: 0033:0x7f960af8e9a9
[ 1866.281680][T28915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1866.281697][T28915] RSP: 002b:00007f9608dd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1866.281715][T28915] RAX: ffffffffffffffda RBX: 00007f960b1b6080 RCX: 00007f960af8e9a9
[ 1866.281728][T28915] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[ 1866.281740][T28915] RBP: 00007f9608dd5090 R08: 0000000000000000 R09: 0000000000000000
[ 1866.281751][T28915] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[ 1866.281762][T28915] R13: 0000000000000000 R14: 00007f960b1b6080 R15: 00007ffcc1e06478
[ 1866.281786][T28915]  </TASK>
[ 1866.469380][T17105] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[ 1866.532759][ T5893] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1866.554650][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1866.604692][ T5893] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1866.625608][ T5893] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1866.642607][ T5893] usb 5-1: Manufacturer: syz
[ 1866.667445][ T5893] usb 5-1: config 0 descriptor??
[ 1866.770326][ T5893] rc_core: IR keymap rc-hauppauge not found
[ 1866.776231][ T5893] Registered IR keymap rc-empty
[ 1866.781864][ T5893] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 1866.805167][ T5893] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input126
[ 1866.819000][T17105] usb 7-1: device descriptor read/64, error -71
[ 1866.931514][T17105] usb usb7-port1: attempt power cycle
[ 1866.998864][T22140] Bluetooth: hci5: command 0x1003 tx timeout
[ 1866.999161][T13008] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1867.074682][   T30] audit: type=1326 audit(2000000243.233:4224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28920 comm="syz.0.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e41f8e9a9 code=0x7ffc0000
[ 1867.100042][   T30] audit: type=1326 audit(2000000243.233:4225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28920 comm="syz.0.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e41f8e9a9 code=0x7ffc0000
[ 1867.134606][T28904] netlink: zone id is out of range
[ 1867.140121][T28904] netlink: zone id is out of range
[ 1867.145214][T28904] netlink: zone id is out of range
[ 1867.159103][T28904] netlink: set zone limit has 4 unknown bytes
[ 1867.166990][   T30] audit: type=1326 audit(2000000243.233:4226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28920 comm="syz.0.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4e41f8e9a9 code=0x7ffc0000
[ 1867.171104][T28491] usb 5-1: USB disconnect, device number 13
[ 1867.200562][   T30] audit: type=1326 audit(2000000243.233:4227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28920 comm="syz.0.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e41f8e9a9 code=0x7ffc0000
[ 1867.219201][   T10] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[ 1867.228359][   T30] audit: type=1326 audit(2000000243.233:4228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28920 comm="syz.0.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e41f8e9a9 code=0x7ffc0000
[ 1867.264425][   T30] audit: type=1326 audit(2000000243.233:4229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28920 comm="syz.0.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4e41f8e9a9 code=0x7ffc0000
[ 1867.278977][T17105] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 1867.292197][   T30] audit: type=1326 audit(2000000243.233:4230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28920 comm="syz.0.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e41f8e9a9 code=0x7ffc0000
[ 1867.324928][   T30] audit: type=1326 audit(2000000243.233:4231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28920 comm="syz.0.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7f4e41f8e9a9 code=0x7ffc0000
[ 1867.325931][T17105] usb 7-1: device descriptor read/8, error -71
[ 1867.348997][   T30] audit: type=1326 audit(2000000243.233:4232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28920 comm="syz.0.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e41f8e9a9 code=0x7ffc0000
[ 1867.383902][   T30] audit: type=1326 audit(2000000243.233:4233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28920 comm="syz.0.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4e41f8e9a9 code=0x7ffc0000
[ 1867.400141][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1867.418437][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1867.428793][   T10] usb 4-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[ 1867.437826][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1867.448680][   T10] usb 4-1: config 0 descriptor??
[ 1867.619177][T17105] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[ 1867.650153][T17105] usb 7-1: device descriptor read/8, error -71
[ 1867.683420][T28928] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=28928 comm=syz.5.6320
[ 1868.240471][T17105] usb usb7-port1: unable to enumerate USB device
[ 1869.036344][T28941] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=55 (110 ns) > initial count (64 ns). Using initial count to start timer.
[ 1869.072004][   T10] usbhid 4-1:0.0: can't add hid device: -71
[ 1869.079149][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1869.116277][   T10] usb 4-1: USB disconnect, device number 105
[ 1869.249030][ T5893] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[ 1869.418995][ T5893] usb 6-1: Using ep0 maxpacket: 32
[ 1869.436665][ T5893] usb 6-1: config 0 has an invalid interface number: 136 but max is 0
[ 1869.468319][ T5893] usb 6-1: config 0 has no interface number 0
[ 1869.533195][ T5893] usb 6-1: config 0 interface 136 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[ 1869.581333][ T5893] usb 6-1: config 0 interface 136 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[ 1869.602766][ T5893] usb 6-1: config 0 interface 136 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[ 1869.645204][ T5893] usb 6-1: config 0 interface 136 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1869.676522][ T5893] usb 6-1: config 0 interface 136 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 5
[ 1869.716926][T28963] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6329'.
[ 1869.788782][ T5893] usb 6-1: New USB device found, idVendor=0763, idProduct=1021, bcdDevice=8e.c0
[ 1869.806449][ T5893] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1869.829934][ T5893] usb 6-1: config 0 descriptor??
[ 1869.890640][T28964] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1869.902780][T28964] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1869.944216][ T5893] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1870.177669][T28938] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6323'.
[ 1870.226519][T28938] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1870.254047][T28938] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1870.271235][ T5893] snd-usb-audio 6-1:0.136: probe with driver snd-usb-audio failed with error -2
[ 1870.961460][T28938] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1870.982445][T28938] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1871.162284][ T5940] usb 6-1: USB disconnect, device number 93
[ 1871.194736][T28975] FAULT_INJECTION: forcing a failure.
[ 1871.194736][T28975] name failslab, interval 1, probability 0, space 0, times 0
[ 1871.244507][T28975] CPU: 1 UID: 0 PID: 28975 Comm: syz.6.6331 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1871.244529][T28975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1871.244536][T28975] Call Trace:
[ 1871.244540][T28975]  <TASK>
[ 1871.244545][T28975]  dump_stack_lvl+0x16c/0x1f0
[ 1871.244565][T28975]  should_fail_ex+0x512/0x640
[ 1871.244592][T28975]  ? fs_reclaim_acquire+0xae/0x150
[ 1871.244615][T28975]  ? tomoyo_encode2+0x100/0x3e0
[ 1871.244626][T28975]  should_failslab+0xc2/0x120
[ 1871.244638][T28975]  __kmalloc_noprof+0xd2/0x510
[ 1871.244664][T28975]  ? d_absolute_path+0x136/0x1a0
[ 1871.244690][T28975]  tomoyo_encode2+0x100/0x3e0
[ 1871.244709][T28975]  tomoyo_encode+0x29/0x50
[ 1871.244726][T28975]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1871.244751][T28975]  tomoyo_path_number_perm+0x245/0x580
[ 1871.244776][T28975]  ? tomoyo_path_number_perm+0x237/0x580
[ 1871.244802][T28975]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1871.244821][T28975]  ? find_held_lock+0x2b/0x80
[ 1871.244847][T28975]  ? find_held_lock+0x2b/0x80
[ 1871.244860][T28975]  ? hook_file_ioctl_common+0x145/0x410
[ 1871.244876][T28975]  ? __fget_files+0x20e/0x3c0
[ 1871.244888][T28975]  security_file_ioctl+0x9b/0x240
[ 1871.244900][T28975]  __x64_sys_ioctl+0xb7/0x210
[ 1871.244917][T28975]  do_syscall_64+0xcd/0x4c0
[ 1871.244928][T28975]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1871.244940][T28975] RIP: 0033:0x7fc0e8f8e9a9
[ 1871.244949][T28975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1871.244960][T28975] RSP: 002b:00007fc0e9dea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1871.244973][T28975] RAX: ffffffffffffffda RBX: 00007fc0e91b5fa0 RCX: 00007fc0e8f8e9a9
[ 1871.244980][T28975] RDX: 0000000000000000 RSI: 0000000080047455 RDI: 0000000000000004
[ 1871.244986][T28975] RBP: 00007fc0e9dea090 R08: 0000000000000000 R09: 0000000000000000
[ 1871.244993][T28975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1871.244999][T28975] R13: 0000000000000000 R14: 00007fc0e91b5fa0 R15: 00007ffe36000b58
[ 1871.245013][T28975]  </TASK>
[ 1871.245025][T28975] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1871.757620][T28985] netlink: 56 bytes leftover after parsing attributes in process `syz.6.6334'.
[ 1872.279356][ T5940] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1872.429148][ T5940] usb 5-1: Using ep0 maxpacket: 32
[ 1872.444643][ T5940] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1872.951071][ T5940] usb 5-1: config 7 has an invalid interface number: 187 but max is 0
[ 1872.969095][ T5940] usb 5-1: config 7 has no interface number 0
[ 1872.994314][ T5940] usb 5-1: config 7 interface 187 altsetting 6 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1873.004532][ T5940] usb 5-1: config 7 interface 187 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 0
[ 1873.014609][ T5940] usb 5-1: config 7 interface 187 has no altsetting 0
[ 1873.112254][ T5940] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[ 1873.146893][ T5940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1873.639696][ T5940] usb 5-1: Product: syz
[ 1873.644164][ T5940] usb 5-1: Manufacturer: syz
[ 1873.654055][ T5940] usb 5-1: SerialNumber: syz
[ 1873.836935][T29003] netlink: 'syz.3.6339': attribute type 3 has an invalid length.
[ 1873.850874][T29003] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.6339'.
[ 1873.947331][T29006] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1873.958435][T29006] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1874.193553][T29008] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6333'.
[ 1874.204245][T29008] bad cache= option: no%e
[ 1874.204245][T29008] 
[ 1874.210820][T29008] CIFS: VFS: bad cache= option: no%e
[ 1874.330836][ T5940] usb 5-1: Cannot retrieve CPort count: -71
[ 1874.447213][ T5940] usb 5-1: Cannot retrieve CPort count: -71
[ 1874.498430][ T5940] es2_ap_driver 5-1:7.187: probe with driver es2_ap_driver failed with error -71
[ 1874.579203][T29012] FAULT_INJECTION: forcing a failure.
[ 1874.579203][T29012] name failslab, interval 1, probability 0, space 0, times 0
[ 1874.584665][ T5940] usb 5-1: USB disconnect, device number 14
[ 1874.596235][T29012] CPU: 1 UID: 0 PID: 29012 Comm: syz.3.6342 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1874.596258][T29012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1874.596267][T29012] Call Trace:
[ 1874.596273][T29012]  <TASK>
[ 1874.596279][T29012]  dump_stack_lvl+0x16c/0x1f0
[ 1874.596298][T29012]  should_fail_ex+0x512/0x640
[ 1874.596322][T29012]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1874.596348][T29012]  should_failslab+0xc2/0x120
[ 1874.596364][T29012]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1874.596387][T29012]  ? __alloc_skb+0x2b2/0x380
[ 1874.596414][T29012]  __alloc_skb+0x2b2/0x380
[ 1874.596436][T29012]  ? __pfx___alloc_skb+0x10/0x10
[ 1874.596462][T29012]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1874.596485][T29012]  netlink_alloc_large_skb+0x69/0x130
[ 1874.596504][T29012]  netlink_sendmsg+0x6a1/0xdd0
[ 1874.596526][T29012]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1874.596551][T29012]  ____sys_sendmsg+0xa95/0xc70
[ 1874.596571][T29012]  ? copy_msghdr_from_user+0x10a/0x160
[ 1874.596586][T29012]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1874.596615][T29012]  ___sys_sendmsg+0x134/0x1d0
[ 1874.596631][T29012]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1874.596644][T29012]  ? __lock_acquire+0x622/0x1c90
[ 1874.596685][T29012]  __sys_sendmsg+0x16d/0x220
[ 1874.596700][T29012]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1874.596723][T29012]  ? fput+0x70/0xf0
[ 1874.596743][T29012]  do_syscall_64+0xcd/0x4c0
[ 1874.596760][T29012]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1874.596776][T29012] RIP: 0033:0x7f960af8e9a9
[ 1874.596789][T29012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1874.596804][T29012] RSP: 002b:00007f9608df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1874.596819][T29012] RAX: ffffffffffffffda RBX: 00007f960b1b5fa0 RCX: 00007f960af8e9a9
[ 1874.596829][T29012] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003
[ 1874.596839][T29012] RBP: 00007f9608df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1874.596849][T29012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1874.596858][T29012] R13: 0000000000000000 R14: 00007f960b1b5fa0 R15: 00007ffcc1e06478
[ 1874.596879][T29012]  </TASK>
[ 1875.227839][   T30] kauditd_printk_skb: 6 callbacks suppressed
[ 1875.227856][   T30] audit: type=1400 audit(2000000251.383:4240): avc:  denied  { getopt } for  pid=29020 comm="syz.0.6343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1875.358976][T29032] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=29032 comm=syz.5.6348
[ 1875.375777][T29033] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6347'.
[ 1876.583712][T29040] binder: 29039:29040 ioctl c0306201 200000000080 returned -14
[ 1878.064957][T29072] netlink: set zone limit has 4 unknown bytes
[ 1878.268449][ T5893] IPVS: starting estimator thread 0...
[ 1878.496669][   T30] audit: type=1400 audit(2000000254.653:4241): avc:  denied  { ioctl } for  pid=29082 comm="syz.0.6361" path="socket:[122276]" dev="sockfs" ino=122276 ioctlcmd=0x89f9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1878.754440][T29083] overlay: filesystem on ./file1 not supported
[ 1878.792837][   T30] audit: type=1400 audit(2000000254.913:4242): avc:  denied  { mounton } for  pid=29082 comm="syz.0.6361" path="/65/file1/bus" dev="autofs" ino=122281 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[ 1879.239850][T29081] IPVS: using max 38 ests per chain, 91200 per kthread
[ 1881.679477][T29110] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6366'.
[ 1882.716657][T29125] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6371'.
[ 1882.996326][T29131] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=29131 comm=syz.0.6372
[ 1883.275807][T29138] FAULT_INJECTION: forcing a failure.
[ 1883.275807][T29138] name failslab, interval 1, probability 0, space 0, times 0
[ 1883.363603][T29138] CPU: 1 UID: 0 PID: 29138 Comm: syz.5.6376 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1883.363636][T29138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1883.363646][T29138] Call Trace:
[ 1883.363653][T29138]  <TASK>
[ 1883.363659][T29138]  dump_stack_lvl+0x16c/0x1f0
[ 1883.363681][T29138]  should_fail_ex+0x512/0x640
[ 1883.363706][T29138]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1883.363734][T29138]  should_failslab+0xc2/0x120
[ 1883.363751][T29138]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1883.363776][T29138]  ? __alloc_skb+0x2b2/0x380
[ 1883.363805][T29138]  __alloc_skb+0x2b2/0x380
[ 1883.363828][T29138]  ? __pfx___alloc_skb+0x10/0x10
[ 1883.363855][T29138]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1883.363879][T29138]  netlink_alloc_large_skb+0x69/0x130
[ 1883.363900][T29138]  netlink_sendmsg+0x6a1/0xdd0
[ 1883.363924][T29138]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1883.363952][T29138]  ____sys_sendmsg+0xa95/0xc70
[ 1883.363974][T29138]  ? copy_msghdr_from_user+0x10a/0x160
[ 1883.363989][T29138]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1883.364014][T29138]  ? __pfx__kstrtoull+0x10/0x10
[ 1883.364040][T29138]  ___sys_sendmsg+0x134/0x1d0
[ 1883.364057][T29138]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1883.364086][T29138]  ? find_held_lock+0x2b/0x80
[ 1883.364123][T29138]  __sys_sendmmsg+0x200/0x420
[ 1883.364142][T29138]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1883.364166][T29138]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1883.364193][T29138]  ? fput+0x70/0xf0
[ 1883.364211][T29138]  ? ksys_write+0x1ac/0x250
[ 1883.364233][T29138]  ? __pfx_ksys_write+0x10/0x10
[ 1883.364261][T29138]  __x64_sys_sendmmsg+0x9c/0x100
[ 1883.364277][T29138]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1883.364302][T29138]  do_syscall_64+0xcd/0x4c0
[ 1883.364319][T29138]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1883.364335][T29138] RIP: 0033:0x7f4751b8e9a9
[ 1883.364350][T29138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1883.364366][T29138] RSP: 002b:00007f474f9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1883.364383][T29138] RAX: ffffffffffffffda RBX: 00007f4751db5fa0 RCX: 00007f4751b8e9a9
[ 1883.364394][T29138] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[ 1883.364405][T29138] RBP: 00007f474f9f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1883.364414][T29138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1883.364424][T29138] R13: 0000000000000000 R14: 00007f4751db5fa0 R15: 00007ffca3b51d38
[ 1883.364447][T29138]  </TASK>
[ 1885.226548][ T5913] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[ 1885.249919][T29158] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1885.259667][T29158] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1885.640613][ T5913] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1885.652197][ T5913] usb 7-1: config 6 has an invalid interface number: 252 but max is 0
[ 1885.670196][ T5913] usb 7-1: config 6 has no interface number 0
[ 1885.678396][ T5913] usb 7-1: config 6 interface 252 has no altsetting 0
[ 1885.708106][ T5913] usb 7-1: New USB device found, idVendor=14aa, idProduct=0221, bcdDevice=76.22
[ 1885.728834][ T5913] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1885.747209][ T5913] usb 7-1: Product: syz
[ 1885.757808][ T5913] usb 7-1: Manufacturer: syz
[ 1885.789204][ T5913] usb 7-1: SerialNumber: syz
[ 1886.100527][T29170] mkiss: ax0: crc mode is auto.
[ 1887.233967][ T5913] dvb-usb: found a 'WideView WT-220U PenType Receiver (Typhoon/Freecom)' in warm state.
[ 1887.540044][ T5913] dvb-usb: will use the device's hardware PID filter (table count: 15).
[ 1887.575970][ T5913] dvbdev: DVB: registering new adapter (WideView WT-220U PenType Receiver (Typhoon/Freecom))
[ 1887.608645][ T5913] usb 7-1: media controller created
[ 1887.646367][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1887.691606][ T5913] usb 7-1: DVB: registering adapter 1 frontend 0 (WideView USB DVB-T)...
[ 1887.725842][ T5913] dvbdev: dvb_create_media_entity: media entity 'WideView USB DVB-T' registered.
[ 1888.166321][T29190] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6391'.
[ 1888.208818][ T5913] rc_core: IR keymap rc-dtt200u not found
[ 1888.214609][ T5913] Registered IR keymap rc-empty
[ 1888.220367][ T5913] rc rc0: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0
[ 1888.256377][ T5913] input: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0/input127
[ 1888.333411][ T5913] dvb-usb: schedule remote query interval to 300 msecs.
[ 1888.362471][ T5913] dvb-usb: WideView WT-220U PenType Receiver (Typhoon/Freecom) successfully initialized and connected.
[ 1888.429083][ T5913] usb 7-1: USB disconnect, device number 49
[ 1888.657076][ T5913] dvb-usb: WideView WT-220U PenType Receiver (Typh successfully deinitialized and disconnected.
[ 1888.714490][T29204] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1888.723585][T29204] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1889.098995][T17105] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 1889.511387][T17105] usb 5-1: Using ep0 maxpacket: 32
[ 1889.833484][T17105] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1889.902760][T17105] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1889.964628][T17105] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1889.996314][T29208] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1890.013470][T29210] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1890.093491][T29220] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6400'.
[ 1890.459503][T17105] usb 5-1: config 0 descriptor??
[ 1890.489517][T17105] hub 5-1:0.0: USB hub found
[ 1890.671748][T17105] hub 5-1:0.0: 1 port detected
[ 1890.834691][T29224] FAULT_INJECTION: forcing a failure.
[ 1890.834691][T29224] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1890.848089][T29224] CPU: 1 UID: 0 PID: 29224 Comm: syz.3.6402 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1890.848113][T29224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1890.848123][T29224] Call Trace:
[ 1890.848130][T29224]  <TASK>
[ 1890.848136][T29224]  dump_stack_lvl+0x16c/0x1f0
[ 1890.848157][T29224]  should_fail_ex+0x512/0x640
[ 1890.848188][T29224]  _copy_from_user+0x2e/0xd0
[ 1890.848206][T29224]  copy_msghdr_from_user+0x98/0x160
[ 1890.848224][T29224]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1890.848262][T29224]  ___sys_sendmsg+0xfe/0x1d0
[ 1890.848280][T29224]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1890.848294][T29224]  ? __lock_acquire+0x622/0x1c90
[ 1890.848342][T29224]  __sys_sendmsg+0x16d/0x220
[ 1890.848359][T29224]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1890.848391][T29224]  do_syscall_64+0xcd/0x4c0
[ 1890.848410][T29224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1890.848428][T29224] RIP: 0033:0x7f960af8e9a9
[ 1890.848443][T29224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1890.848460][T29224] RSP: 002b:00007f9608df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1890.848477][T29224] RAX: ffffffffffffffda RBX: 00007f960b1b5fa0 RCX: 00007f960af8e9a9
[ 1890.848489][T29224] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[ 1890.848500][T29224] RBP: 00007f9608df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1890.848510][T29224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1890.848520][T29224] R13: 0000000000000000 R14: 00007f960b1b5fa0 R15: 00007ffcc1e06478
[ 1890.848543][T29224]  </TASK>
[ 1891.597192][T13008] Bluetooth: Unexpected continuation frame (len 16)
[ 1891.638347][T29237] FAULT_INJECTION: forcing a failure.
[ 1891.638347][T29237] name failslab, interval 1, probability 0, space 0, times 0
[ 1891.719372][T29237] CPU: 1 UID: 0 PID: 29237 Comm: syz.5.6407 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1891.719399][T29237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1891.719410][T29237] Call Trace:
[ 1891.719417][T29237]  <TASK>
[ 1891.719424][T29237]  dump_stack_lvl+0x16c/0x1f0
[ 1891.719446][T29237]  should_fail_ex+0x512/0x640
[ 1891.719473][T29237]  ? fs_reclaim_acquire+0xae/0x150
[ 1891.719497][T29237]  ? tomoyo_encode2+0x100/0x3e0
[ 1891.719514][T29237]  should_failslab+0xc2/0x120
[ 1891.719532][T29237]  __kmalloc_noprof+0xd2/0x510
[ 1891.719565][T29237]  ? d_absolute_path+0x136/0x1a0
[ 1891.719591][T29237]  tomoyo_encode2+0x100/0x3e0
[ 1891.719613][T29237]  tomoyo_encode+0x29/0x50
[ 1891.719629][T29237]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1891.719656][T29237]  tomoyo_path_number_perm+0x245/0x580
[ 1891.719681][T29237]  ? tomoyo_path_number_perm+0x237/0x580
[ 1891.719708][T29237]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1891.719734][T29237]  ? find_held_lock+0x2b/0x80
[ 1891.719780][T29237]  ? find_held_lock+0x2b/0x80
[ 1891.719801][T29237]  ? hook_file_ioctl_common+0x145/0x410
[ 1891.719828][T29237]  ? __fget_files+0x20e/0x3c0
[ 1891.719849][T29237]  security_file_ioctl+0x9b/0x240
[ 1891.719867][T29237]  __x64_sys_ioctl+0xb7/0x210
[ 1891.719893][T29237]  do_syscall_64+0xcd/0x4c0
[ 1891.719914][T29237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1891.719932][T29237] RIP: 0033:0x7f4751b8e9a9
[ 1891.719947][T29237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1891.719964][T29237] RSP: 002b:00007f474f9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1891.719981][T29237] RAX: ffffffffffffffda RBX: 00007f4751db5fa0 RCX: 00007f4751b8e9a9
[ 1891.719993][T29237] RDX: 0000200000000980 RSI: 00000000000007cb RDI: 0000000000000003
[ 1891.720005][T29237] RBP: 00007f474f9f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1891.720016][T29237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1891.720026][T29237] R13: 0000000000000000 R14: 00007f4751db5fa0 R15: 00007ffca3b51d38
[ 1891.720051][T29237]  </TASK>
[ 1891.720177][T29237] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1892.260216][T29247] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1892.269394][T29247] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1892.657357][   T30] audit: type=1800 audit(2000000268.813:4243): pid=29253 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.6410" name="nullb0" dev="devtmpfs" ino=3621 res=0 errno=0
[ 1892.682274][T17105] hub 5-1:0.0: hub_ext_port_status failed (err = -32)
[ 1893.318615][T29259] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=29259 comm=syz.3.6412
[ 1893.665398][T17105] usb 5-1: USB disconnect, device number 15
[ 1894.040304][T29279] FAULT_INJECTION: forcing a failure.
[ 1894.040304][T29279] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1894.064488][T29279] CPU: 1 UID: 0 PID: 29279 Comm: syz.5.6418 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1894.064512][T29279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1894.064521][T29279] Call Trace:
[ 1894.064525][T29279]  <TASK>
[ 1894.064531][T29279]  dump_stack_lvl+0x16c/0x1f0
[ 1894.064546][T29279]  should_fail_ex+0x512/0x640
[ 1894.064566][T29279]  _copy_from_user+0x2e/0xd0
[ 1894.064578][T29279]  sctp_setsockopt+0x2045/0xb870
[ 1894.064594][T29279]  ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[ 1894.064616][T29279]  ? __pfx_sctp_setsockopt+0x10/0x10
[ 1894.064631][T29279]  ? find_held_lock+0x2b/0x80
[ 1894.064647][T29279]  ? selinux_socket_setsockopt+0x6a/0x80
[ 1894.064662][T29279]  ? sock_common_setsockopt+0x2e/0xf0
[ 1894.064676][T29279]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1894.064690][T29279]  do_sock_setsockopt+0xf3/0x1d0
[ 1894.064704][T29279]  __sys_setsockopt+0x1a0/0x230
[ 1894.064723][T29279]  __x64_sys_setsockopt+0xbd/0x160
[ 1894.064739][T29279]  ? do_syscall_64+0x91/0x4c0
[ 1894.064750][T29279]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1894.064767][T29279]  do_syscall_64+0xcd/0x4c0
[ 1894.064782][T29279]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1894.064794][T29279] RIP: 0033:0x7f4751b8e9a9
[ 1894.064803][T29279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1894.064814][T29279] RSP: 002b:00007f474f9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1894.064825][T29279] RAX: ffffffffffffffda RBX: 00007f4751db5fa0 RCX: 00007f4751b8e9a9
[ 1894.064832][T29279] RDX: 0000000000000001 RSI: 0000000000000084 RDI: 0000000000000003
[ 1894.064839][T29279] RBP: 00007f474f9f6090 R08: 0000000000000014 R09: 0000000000000000
[ 1894.064845][T29279] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1894.064852][T29279] R13: 0000000000000000 R14: 00007f4751db5fa0 R15: 00007ffca3b51d38
[ 1894.064865][T29279]  </TASK>
[ 1894.816962][T29282] FAULT_INJECTION: forcing a failure.
[ 1894.816962][T29282] name failslab, interval 1, probability 0, space 0, times 0
[ 1894.829663][T29282] CPU: 1 UID: 0 PID: 29282 Comm: syz.6.6420 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1894.829687][T29282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1894.829697][T29282] Call Trace:
[ 1894.829704][T29282]  <TASK>
[ 1894.829711][T29282]  dump_stack_lvl+0x16c/0x1f0
[ 1894.829733][T29282]  should_fail_ex+0x512/0x640
[ 1894.829751][T29282]  ? __kmalloc_noprof+0xbf/0x510
[ 1894.829769][T29282]  ? sock_kmalloc+0x111/0x170
[ 1894.829783][T29282]  should_failslab+0xc2/0x120
[ 1894.829795][T29282]  __kmalloc_noprof+0xd2/0x510
[ 1894.829810][T29282]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1894.829826][T29282]  sock_kmalloc+0x111/0x170
[ 1894.829839][T29282]  af_alg_alloc_areq+0xbc/0x2e0
[ 1894.829859][T29282]  skcipher_recvmsg+0x32b/0x1030
[ 1894.829876][T29282]  ? __pfx_skcipher_recvmsg+0x10/0x10
[ 1894.829893][T29282]  sock_recvmsg+0x1f9/0x250
[ 1894.829906][T29282]  ____sys_recvmsg+0x218/0x6b0
[ 1894.829926][T29282]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1894.829945][T29282]  ? __lock_acquire+0x622/0x1c90
[ 1894.829957][T29282]  ___sys_recvmsg+0x114/0x1a0
[ 1894.829967][T29282]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1894.829989][T29282]  __sys_recvmsg+0x16a/0x220
[ 1894.830000][T29282]  ? __pfx___sys_recvmsg+0x10/0x10
[ 1894.830020][T29282]  do_syscall_64+0xcd/0x4c0
[ 1894.830032][T29282]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1894.830044][T29282] RIP: 0033:0x7fc0e8f8e9a9
[ 1894.830054][T29282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1894.830064][T29282] RSP: 002b:00007fc0e9dea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1894.830075][T29282] RAX: ffffffffffffffda RBX: 00007fc0e91b5fa0 RCX: 00007fc0e8f8e9a9
[ 1894.830082][T29282] RDX: 0000000000012060 RSI: 00002000000002c0 RDI: 0000000000000004
[ 1894.830089][T29282] RBP: 00007fc0e9dea090 R08: 0000000000000000 R09: 0000000000000000
[ 1894.830095][T29282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1894.830101][T29282] R13: 0000000000000000 R14: 00007fc0e91b5fa0 R15: 00007ffe36000b58
[ 1894.830115][T29282]  </TASK>
[ 1895.232975][T29292] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1895.242325][T29292] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1895.806151][   T30] audit: type=1400 audit(2000000271.846:4244): avc:  denied  { read } for  pid=29299 comm="syz.5.6426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1895.828136][T29305] SELinux: failed to load policy
[ 1896.449242][T29325] FAULT_INJECTION: forcing a failure.
[ 1896.449242][T29325] name failslab, interval 1, probability 0, space 0, times 0
[ 1896.509244][T29325] CPU: 1 UID: 0 PID: 29325 Comm: syz.6.6431 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1896.509270][T29325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1896.509281][T29325] Call Trace:
[ 1896.509287][T29325]  <TASK>
[ 1896.509295][T29325]  dump_stack_lvl+0x16c/0x1f0
[ 1896.509316][T29325]  should_fail_ex+0x512/0x640
[ 1896.509334][T29325]  ? fs_reclaim_acquire+0xae/0x150
[ 1896.509348][T29325]  ? tomoyo_encode2+0x100/0x3e0
[ 1896.509359][T29325]  should_failslab+0xc2/0x120
[ 1896.509370][T29325]  __kmalloc_noprof+0xd2/0x510
[ 1896.509386][T29325]  ? d_absolute_path+0x136/0x1a0
[ 1896.509402][T29325]  tomoyo_encode2+0x100/0x3e0
[ 1896.509414][T29325]  tomoyo_encode+0x29/0x50
[ 1896.509425][T29325]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1896.509440][T29325]  tomoyo_path_number_perm+0x245/0x580
[ 1896.509455][T29325]  ? tomoyo_path_number_perm+0x237/0x580
[ 1896.509472][T29325]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1896.509488][T29325]  ? find_held_lock+0x2b/0x80
[ 1896.509516][T29325]  ? find_held_lock+0x2b/0x80
[ 1896.509530][T29325]  ? hook_file_ioctl_common+0x145/0x410
[ 1896.509546][T29325]  ? __fget_files+0x20e/0x3c0
[ 1896.509559][T29325]  security_file_ioctl+0x9b/0x240
[ 1896.509570][T29325]  __x64_sys_ioctl+0xb7/0x210
[ 1896.509587][T29325]  do_syscall_64+0xcd/0x4c0
[ 1896.509598][T29325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1896.509610][T29325] RIP: 0033:0x7fc0e8f8e9a9
[ 1896.509619][T29325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1896.509630][T29325] RSP: 002b:00007fc0e9dea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1896.509641][T29325] RAX: ffffffffffffffda RBX: 00007fc0e91b5fa0 RCX: 00007fc0e8f8e9a9
[ 1896.509648][T29325] RDX: 00002000000000c0 RSI: 00000000c0045627 RDI: 0000000000000004
[ 1896.509655][T29325] RBP: 00007fc0e9dea090 R08: 0000000000000000 R09: 0000000000000000
[ 1896.509662][T29325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1896.509668][T29325] R13: 0000000000000000 R14: 00007fc0e91b5fa0 R15: 00007ffe36000b58
[ 1896.509681][T29325]  </TASK>
[ 1896.509692][T29325] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1897.057047][T29333] tipc: Started in network mode
[ 1897.073916][T29333] tipc: Node identity d6847ab8d0f3, cluster identity 4711
[ 1897.104891][T29333] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1897.139092][T29336] syzkaller0: entered promiscuous mode
[ 1897.152088][T29336] syzkaller0: entered allmulticast mode
[ 1897.721576][T29333] netlink: zone id is out of range
[ 1897.726931][T29333] netlink: zone id is out of range
[ 1897.732856][T29333] netlink: zone id is out of range
[ 1897.737938][T29333] netlink: zone id is out of range
[ 1897.743846][T29333] netlink: zone id is out of range
[ 1897.749138][T29333] netlink: zone id is out of range
[ 1897.764394][T29333] netlink: zone id is out of range
[ 1897.769907][T29333] netlink: zone id is out of range
[ 1897.777468][T29333] netlink: zone id is out of range
[ 1897.782863][T29333] netlink: zone id is out of range
[ 1898.289388][   T43] tipc: Node number set to 108493496
[ 1898.334901][T29330] tipc: Resetting bearer <eth:syzkaller0>
[ 1898.415545][T29330] tipc: Disabling bearer <eth:syzkaller0>
[ 1898.518041][T29357] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[ 1898.765913][ T5893] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[ 1898.927794][T29361] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8208 sclass=netlink_route_socket pid=29361 comm=syz.4.6442
[ 1899.059346][ T5893] usb 7-1: Using ep0 maxpacket: 8
[ 1899.158854][ T5893] usb 7-1: config 0 has an invalid interface number: 200 but max is 0
[ 1899.172312][ T5893] usb 7-1: config 0 has no interface number 0
[ 1899.185002][ T5893] usb 7-1: config 0 interface 200 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1899.200916][ T5893] usb 7-1: config 0 interface 200 has no altsetting 0
[ 1899.273768][ T5893] usb 7-1: New USB device found, idVendor=0b57, idProduct=852a, bcdDevice=6d.39
[ 1899.369650][ T5893] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1899.422924][ T5893] usb 7-1: Product: syz
[ 1899.448603][ T5893] usb 7-1: Manufacturer: syz
[ 1899.476437][ T5893] usb 7-1: SerialNumber: syz
[ 1899.546524][ T5893] usb 7-1: config 0 descriptor??
[ 1900.439229][T29348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1900.448015][T29348] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1900.520604][ T5893] input: Hanwang Art Master III 1308 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.200/input/input128
[ 1900.565845][ T5893] usb 7-1: USB disconnect, device number 50
[ 1900.607040][T29371] netlink: 'syz.4.6445': attribute type 3 has an invalid length.
[ 1900.615076][T29371] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.6445'.
[ 1900.996969][T29375] 9pnet_fd: Insufficient options for proto=fd
[ 1901.547497][T29381] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=29381 comm=syz.6.6447
[ 1901.769879][T29388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=29388 comm=syz.0.6449
[ 1902.599554][T29400] 
[ 1902.601908][T29400] =====================================================
[ 1902.608829][T29400] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 1902.616268][T29400] 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 Not tainted
[ 1902.623353][T29400] -----------------------------------------------------
[ 1902.630260][T29400] syz.0.6453/29400 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 1902.637957][T29400] ffffffff8e20c098 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0xed/0xc80
[ 1902.646556][T29400] 
[ 1902.646556][T29400] and this task is already holding:
[ 1902.653895][T29400] ffff88803468d4a0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80
[ 1902.662577][T29400] which would create a new lock dependency:
[ 1902.668441][T29400]  (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3}
[ 1902.676006][T29400] 
[ 1902.676006][T29400] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 1902.685431][T29400]  (&client->buffer_lock){..-.}-{3:3}
[ 1902.685452][T29400] 
[ 1902.685452][T29400] ... which became SOFTIRQ-irq-safe at:
[ 1902.698482][T29400]   lock_acquire+0x179/0x350
[ 1902.703057][T29400]   _raw_spin_lock+0x2e/0x40
[ 1902.707632][T29400]   evdev_pass_values+0x10e/0x9b0
[ 1902.712643][T29400]   evdev_events+0x1bb/0x390
[ 1902.717220][T29400]   input_pass_values+0x6c4/0x890
[ 1902.722234][T29400]   input_handle_event+0xb29/0x14d0
[ 1902.727421][T29400]   input_inject_event+0x1cd/0x390
[ 1902.732518][T29400]   led_set_brightness+0x217/0x290
[ 1902.737611][T29400]   led_trigger_event+0xda/0x270
[ 1902.742535][T29400]   kbd_bh+0x21b/0x300
[ 1902.746584][T29400]   tasklet_action_common+0x281/0x400
[ 1902.751943][T29400]   handle_softirqs+0x219/0x8e0
[ 1902.756775][T29400]   do_softirq+0xb2/0xf0
[ 1902.760999][T29400]   __local_bh_enable_ip+0x100/0x120
[ 1902.766265][T29400]   unix_release_sock+0x4f0/0x14f0
[ 1902.771366][T29400]   unix_release+0x91/0xf0
[ 1902.775770][T29400]   __sock_release+0xb3/0x270
[ 1902.780432][T29400]   sock_close+0x1c/0x30
[ 1902.784652][T29400]   __fput+0x3ff/0xb70
[ 1902.788702][T29400]   task_work_run+0x14d/0x240
[ 1902.793364][T29400]   exit_to_user_mode_loop+0xeb/0x110
[ 1902.798721][T29400]   do_syscall_64+0x3f6/0x4c0
[ 1902.803386][T29400]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1902.809348][T29400] 
[ 1902.809348][T29400] to a SOFTIRQ-irq-unsafe lock:
[ 1902.816340][T29400]  (tasklist_lock){.+.+}-{3:3}
[ 1902.816361][T29400] 
[ 1902.816361][T29400] ... which became SOFTIRQ-irq-unsafe at:
[ 1902.828955][T29400] ...
[ 1902.828961][T29400]   lock_acquire+0x179/0x350
[ 1902.836086][T29400]   _raw_read_lock+0x5f/0x70
[ 1902.840663][T29400]   __do_wait+0x105/0x890
[ 1902.844982][T29400]   do_wait+0x21e/0x5a0
[ 1902.849126][T29400]   kernel_wait+0x9f/0x160
[ 1902.853522][T29400]   call_usermodehelper_exec_work+0xf1/0x170
[ 1902.859487][T29400]   process_one_work+0x9cf/0x1b70
[ 1902.864493][T29400]   worker_thread+0x6c8/0xf10
[ 1902.869150][T29400]   kthread+0x3c5/0x780
[ 1902.873285][T29400]   ret_from_fork+0x5d4/0x6f0
[ 1902.877952][T29400]   ret_from_fork_asm+0x1a/0x30
[ 1902.882786][T29400] 
[ 1902.882786][T29400] other info that might help us debug this:
[ 1902.882786][T29400] 
[ 1902.892994][T29400] Chain exists of:
[ 1902.892994][T29400]   &client->buffer_lock --> &f_owner->lock --> tasklist_lock
[ 1902.892994][T29400] 
[ 1902.906183][T29400]  Possible interrupt unsafe locking scenario:
[ 1902.906183][T29400] 
[ 1902.914484][T29400]        CPU0                    CPU1
[ 1902.919827][T29400]        ----                    ----
[ 1902.925168][T29400]   lock(tasklist_lock);
[ 1902.929392][T29400]                                local_irq_disable();
[ 1902.936122][T29400]                                lock(&client->buffer_lock);
[ 1902.943470][T29400]                                lock(&f_owner->lock);
[ 1902.950301][T29400]   <Interrupt>
[ 1902.953734][T29400]     lock(&client->buffer_lock);
[ 1902.958741][T29400] 
[ 1902.958741][T29400]  *** DEADLOCK ***
[ 1902.958741][T29400] 
[ 1902.966864][T29400] 2 locks held by syz.0.6453/29400:
[ 1902.972039][T29400]  #0: ffff88807a5dc8c0 (&u->lock){+.+.}-{3:3}, at: unix_stream_sendmsg+0xc7b/0x11d0
[ 1902.981514][T29400]  #1: ffff88803468d4a0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80
[ 1902.990633][T29400] 
[ 1902.990633][T29400] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 1903.001013][T29400]   -> (&client->buffer_lock){..-.}-{3:3} {
[ 1903.006902][T29400]      IN-SOFTIRQ-W at:
[ 1903.011036][T29400]                         lock_acquire+0x179/0x350
[ 1903.017516][T29400]                         _raw_spin_lock+0x2e/0x40
[ 1903.024016][T29400]                         evdev_pass_values+0x10e/0x9b0
[ 1903.030946][T29400]                         evdev_events+0x1bb/0x390
[ 1903.037434][T29400]                         input_pass_values+0x6c4/0x890
[ 1903.044361][T29400]                         input_handle_event+0xb29/0x14d0
[ 1903.051468][T29400]                         input_inject_event+0x1cd/0x390
[ 1903.058483][T29400]                         led_set_brightness+0x217/0x290
[ 1903.065492][T29400]                         led_trigger_event+0xda/0x270
[ 1903.072328][T29400]                         kbd_bh+0x21b/0x300
[ 1903.078286][T29400]                         tasklet_action_common+0x281/0x400
[ 1903.085555][T29400]                         handle_softirqs+0x219/0x8e0
[ 1903.092303][T29400]                         do_softirq+0xb2/0xf0
[ 1903.098441][T29400]                         __local_bh_enable_ip+0x100/0x120
[ 1903.105623][T29400]                         unix_release_sock+0x4f0/0x14f0
[ 1903.112632][T29400]                         unix_release+0x91/0xf0
[ 1903.118947][T29400]                         __sock_release+0xb3/0x270
[ 1903.125515][T29400]                         sock_close+0x1c/0x30
[ 1903.131647][T29400]                         __fput+0x3ff/0xb70
[ 1903.137607][T29400]                         task_work_run+0x14d/0x240
[ 1903.144180][T29400]                         exit_to_user_mode_loop+0xeb/0x110
[ 1903.151445][T29400]                         do_syscall_64+0x3f6/0x4c0
[ 1903.158012][T29400]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1903.165883][T29400]      INITIAL USE at:
[ 1903.169931][T29400]                        lock_acquire+0x179/0x350
[ 1903.176322][T29400]                        _raw_spin_lock+0x2e/0x40
[ 1903.182727][T29400]                        evdev_pass_values+0x10e/0x9b0
[ 1903.189564][T29400]                        evdev_events+0x1bb/0x390
[ 1903.195965][T29400]                        input_pass_values+0x6c4/0x890
[ 1903.202805][T29400]                        input_handle_event+0xf00/0x14d0
[ 1903.209817][T29400]                        input_inject_event+0x1cd/0x390
[ 1903.216743][T29400]                        evdev_write+0x457/0x750
[ 1903.223058][T29400]                        vfs_write+0x2a0/0x1150
[ 1903.229287][T29400]                        ksys_write+0x1f8/0x250
[ 1903.235516][T29400]                        do_syscall_64+0xcd/0x4c0
[ 1903.241911][T29400]                        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1903.249697][T29400]    }
[ 1903.252352][T29400]    ... key      at: [<ffffffff9b107fe0>] __key.1+0x0/0x40
[ 1903.259621][T29400]  -> (&new->fa_lock){....}-{3:3} {
[ 1903.264817][T29400]     INITIAL USE at:
[ 1903.268775][T29400]                      lock_acquire+0x179/0x350
[ 1903.274995][T29400]                      _raw_write_lock_irq+0x36/0x50
[ 1903.281657][T29400]                      fasync_remove_entry+0xb2/0x1e0
[ 1903.288403][T29400]                      fasync_helper+0xaf/0xd0
[ 1903.294540][T29400]                      pipe_fasync+0x117/0x200
[ 1903.300684][T29400]                      __fput+0x96b/0xb70
[ 1903.306387][T29400]                      task_work_run+0x14d/0x240
[ 1903.312694][T29400]                      exit_to_user_mode_loop+0xeb/0x110
[ 1903.319711][T29400]                      do_syscall_64+0x3f6/0x4c0
[ 1903.326016][T29400]                      entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1903.333626][T29400]     INITIAL READ USE at:
[ 1903.338020][T29400]                           lock_acquire+0x179/0x350
[ 1903.344672][T29400]                           _raw_read_lock_irqsave+0x74/0x90
[ 1903.352033][T29400]                           kill_fasync+0x138/0x510
[ 1903.358604][T29400]                           pipe_release+0x191/0x320
[ 1903.365258][T29400]                           __fput+0x3ff/0xb70
[ 1903.371396][T29400]                           task_work_run+0x14d/0x240
[ 1903.378137][T29400]                           exit_to_user_mode_loop+0xeb/0x110
[ 1903.385574][T29400]                           do_syscall_64+0x3f6/0x4c0
[ 1903.392317][T29400]                           entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1903.400363][T29400]   }
[ 1903.402928][T29400]   ... key      at: [<ffffffff9ae28280>] __key.0+0x0/0x40
[ 1903.410105][T29400]   ... acquired at:
[ 1903.413971][T29400]    _raw_read_lock_irqsave+0x74/0x90
[ 1903.419329][T29400]    kill_fasync+0x138/0x510
[ 1903.423899][T29400]    evdev_pass_values+0x619/0x9b0
[ 1903.428996][T29400]    evdev_events+0x1bb/0x390
[ 1903.433662][T29400]    input_pass_values+0x6c4/0x890
[ 1903.438766][T29400]    input_handle_event+0xf00/0x14d0
[ 1903.444046][T29400]    input_inject_event+0x1cd/0x390
[ 1903.449231][T29400]    evdev_write+0x457/0x750
[ 1903.453808][T29400]    vfs_write+0x2a0/0x1150
[ 1903.458296][T29400]    ksys_write+0x1f8/0x250
[ 1903.462783][T29400]    do_syscall_64+0xcd/0x4c0
[ 1903.467440][T29400]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1903.473488][T29400] 
[ 1903.475791][T29400] -> (&f_owner->lock){....}-{3:3} {
[ 1903.480983][T29400]    INITIAL USE at:
[ 1903.484853][T29400]                    lock_acquire+0x179/0x350
[ 1903.490899][T29400]                    _raw_write_lock_irq+0x36/0x50
[ 1903.497388][T29400]                    __f_setown+0x61/0x3c0
[ 1903.503177][T29400]                    do_fcntl+0x1098/0x15a0
[ 1903.509052][T29400]                    __x64_sys_fcntl+0x163/0x200
[ 1903.515362][T29400]                    do_syscall_64+0xcd/0x4c0
[ 1903.521410][T29400]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1903.528850][T29400]    INITIAL READ USE at:
[ 1903.533164][T29400]                         lock_acquire+0x179/0x350
[ 1903.539642][T29400]                         _raw_read_lock_irq+0x67/0x80
[ 1903.546476][T29400]                         f_getown+0x57/0x300
[ 1903.552526][T29400]                         sock_ioctl+0x1f2/0x6b0
[ 1903.558843][T29400]                         __x64_sys_ioctl+0x18e/0x210
[ 1903.565594][T29400]                         do_syscall_64+0xcd/0x4c0
[ 1903.572075][T29400]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1903.579944][T29400]  }
[ 1903.582422][T29400]  ... key      at: [<ffffffff9ae282c0>] __key.1+0x0/0x40
[ 1903.589515][T29400]  ... acquired at:
[ 1903.593296][T29400]    _raw_read_lock_irqsave+0x74/0x90
[ 1903.598657][T29400]    send_sigio+0x31/0x3e0
[ 1903.603055][T29400]    kill_fasync+0x214/0x510
[ 1903.607630][T29400]    sock_wake_async+0x132/0x160
[ 1903.612552][T29400]    unix_release_sock+0xc0d/0x14f0
[ 1903.617735][T29400]    unix_release+0x91/0xf0
[ 1903.622223][T29400]    __sock_release+0xb3/0x270
[ 1903.626965][T29400]    sock_close+0x1c/0x30
[ 1903.631274][T29400]    __fput+0x3ff/0xb70
[ 1903.635408][T29400]    task_work_run+0x14d/0x240
[ 1903.640158][T29400]    exit_to_user_mode_loop+0xeb/0x110
[ 1903.645601][T29400]    do_syscall_64+0x3f6/0x4c0
[ 1903.650343][T29400]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1903.656390][T29400] 
[ 1903.658691][T29400] 
[ 1903.658691][T29400] the dependencies between the lock to be acquired
[ 1903.658698][T29400]  and SOFTIRQ-irq-unsafe lock:
[ 1903.672170][T29400] -> (tasklist_lock){.+.+}-{3:3} {
[ 1903.677275][T29400]    HARDIRQ-ON-R at:
[ 1903.681233][T29400]                     lock_acquire+0x179/0x350
[ 1903.687363][T29400]                     _raw_read_lock+0x5f/0x70
[ 1903.693503][T29400]                     __do_wait+0x105/0x890
[ 1903.699386][T29400]                     do_wait+0x21e/0x5a0
[ 1903.705091][T29400]                     kernel_wait+0x9f/0x160
[ 1903.711049][T29400]                     call_usermodehelper_exec_work+0xf1/0x170
[ 1903.718574][T29400]                     process_one_work+0x9cf/0x1b70
[ 1903.725142][T29400]                     worker_thread+0x6c8/0xf10
[ 1903.731365][T29400]                     kthread+0x3c5/0x780
[ 1903.737063][T29400]                     ret_from_fork+0x5d4/0x6f0
[ 1903.743289][T29400]                     ret_from_fork_asm+0x1a/0x30
[ 1903.749687][T29400]    SOFTIRQ-ON-R at:
[ 1903.753651][T29400]                     lock_acquire+0x179/0x350
[ 1903.759781][T29400]                     _raw_read_lock+0x5f/0x70
[ 1903.765919][T29400]                     __do_wait+0x105/0x890
[ 1903.771800][T29400]                     do_wait+0x21e/0x5a0
[ 1903.777507][T29400]                     kernel_wait+0x9f/0x160
[ 1903.783463][T29400]                     call_usermodehelper_exec_work+0xf1/0x170
[ 1903.790990][T29400]                     process_one_work+0x9cf/0x1b70
[ 1903.797560][T29400]                     worker_thread+0x6c8/0xf10
[ 1903.803783][T29400]                     kthread+0x3c5/0x780
[ 1903.809485][T29400]                     ret_from_fork+0x5d4/0x6f0
[ 1903.815713][T29400]                     ret_from_fork_asm+0x1a/0x30
[ 1903.822109][T29400]    INITIAL USE at:
[ 1903.825984][T29400]                    lock_acquire+0x179/0x350
[ 1903.832028][T29400]                    _raw_write_lock_irq+0x36/0x50
[ 1903.838515][T29400]                    copy_process+0x4c68/0x7650
[ 1903.844740][T29400]                    kernel_clone+0xfc/0x960
[ 1903.850707][T29400]                    user_mode_thread+0xc7/0x110
[ 1903.857021][T29400]                    rest_init+0x23/0x2b0
[ 1903.862723][T29400]                    start_kernel+0x3ee/0x4d0
[ 1903.868768][T29400]                    x86_64_start_reservations+0x18/0x30
[ 1903.875768][T29400]                    x86_64_start_kernel+0x130/0x190
[ 1903.882419][T29400]                    common_startup_64+0x13e/0x148
[ 1903.888904][T29400]    INITIAL READ USE at:
[ 1903.893216][T29400]                         lock_acquire+0x179/0x350
[ 1903.899697][T29400]                         _raw_read_lock+0x5f/0x70
[ 1903.906185][T29400]                         __do_wait+0x105/0x890
[ 1903.912416][T29400]                         do_wait+0x21e/0x5a0
[ 1903.918470][T29400]                         kernel_wait+0x9f/0x160
[ 1903.924776][T29400]                         call_usermodehelper_exec_work+0xf1/0x170
[ 1903.932652][T29400]                         process_one_work+0x9cf/0x1b70
[ 1903.939568][T29400]                         worker_thread+0x6c8/0xf10
[ 1903.946137][T29400]                         kthread+0x3c5/0x780
[ 1903.952181][T29400]                         ret_from_fork+0x5d4/0x6f0
[ 1903.958759][T29400]                         ret_from_fork_asm+0x1a/0x30
[ 1903.965501][T29400]  }
[ 1903.967977][T29400]  ... key      at: [<ffffffff8e20c098>] tasklist_lock+0x18/0x40
[ 1903.975678][T29400]  ... acquired at:
[ 1903.979461][T29400]    lock_acquire+0x179/0x350
[ 1903.984117][T29400]    _raw_read_lock+0x5f/0x70
[ 1903.988779][T29400]    send_sigurg+0xed/0xc80
[ 1903.993265][T29400]    sk_send_sigurg+0x76/0x360
[ 1903.998016][T29400]    unix_stream_sendmsg+0xeb3/0x11d0
[ 1904.003375][T29400]    ____sys_sendmsg+0xa95/0xc70
[ 1904.008296][T29400]    ___sys_sendmsg+0x134/0x1d0
[ 1904.013124][T29400]    __sys_sendmmsg+0x200/0x420
[ 1904.017953][T29400]    __x64_sys_sendmmsg+0x9c/0x100
[ 1904.023043][T29400]    do_syscall_64+0xcd/0x4c0
[ 1904.027703][T29400]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1904.033752][T29400] 
[ 1904.036055][T29400] 
[ 1904.036055][T29400] stack backtrace:
[ 1904.041922][T29400] CPU: 1 UID: 60928 PID: 29400 Comm: syz.0.6453 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1904.041945][T29400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1904.041954][T29400] Call Trace:
[ 1904.041960][T29400]  <TASK>
[ 1904.041966][T29400]  dump_stack_lvl+0x116/0x1f0
[ 1904.041981][T29400]  check_irq_usage+0x7dc/0x920
[ 1904.042006][T29400]  ? check_path.constprop.0+0x24/0x50
[ 1904.042030][T29400]  ? __lock_acquire+0x1285/0x1c90
[ 1904.042043][T29400]  __lock_acquire+0x1285/0x1c90
[ 1904.042057][T29400]  ? find_held_lock+0x2b/0x80
[ 1904.042077][T29400]  lock_acquire+0x179/0x350
[ 1904.042090][T29400]  ? send_sigurg+0xed/0xc80
[ 1904.042109][T29400]  _raw_read_lock+0x5f/0x70
[ 1904.042130][T29400]  ? send_sigurg+0xed/0xc80
[ 1904.042146][T29400]  send_sigurg+0xed/0xc80
[ 1904.042163][T29400]  ? find_held_lock+0x2b/0x80
[ 1904.042182][T29400]  sk_send_sigurg+0x76/0x360
[ 1904.042205][T29400]  unix_stream_sendmsg+0xeb3/0x11d0
[ 1904.042229][T29400]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[ 1904.042246][T29400]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[ 1904.042272][T29400]  ____sys_sendmsg+0xa95/0xc70
[ 1904.042290][T29400]  ? copy_msghdr_from_user+0x10a/0x160
[ 1904.042304][T29400]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1904.042323][T29400]  ? find_held_lock+0x2b/0x80
[ 1904.042341][T29400]  ? futex_unqueue+0x133/0x2c0
[ 1904.042364][T29400]  ___sys_sendmsg+0x134/0x1d0
[ 1904.042377][T29400]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1904.042395][T29400]  ? find_held_lock+0x2b/0x80
[ 1904.042418][T29400]  __sys_sendmmsg+0x200/0x420
[ 1904.042432][T29400]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1904.042449][T29400]  ? __pfx_do_futex+0x10/0x10
[ 1904.042474][T29400]  ? xfd_validate_state+0x61/0x180
[ 1904.042498][T29400]  __x64_sys_sendmmsg+0x9c/0x100
[ 1904.042511][T29400]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1904.042534][T29400]  do_syscall_64+0xcd/0x4c0
[ 1904.042549][T29400]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1904.042564][T29400] RIP: 0033:0x7f4e41f8e9a9
[ 1904.042578][T29400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1904.042594][T29400] RSP: 002b:00007f4e42ee0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1904.042608][T29400] RAX: ffffffffffffffda RBX: 00007f4e421b5fa0 RCX: 00007f4e41f8e9a9
[ 1904.042618][T29400] RDX: 0000000000000001 RSI: 0000200000006c40 RDI: 0000000000000003
[ 1904.042627][T29400] RBP: 00007f4e42010d69 R08: 0000000000000000 R09: 0000000000000000
[ 1904.042636][T29400] R10: 0000000020000015 R11: 0000000000000246 R12: 0000000000000000
[ 1904.042645][T29400] R13: 0000000000000000 R14: 00007f4e421b5fa0 R15: 00007ffc66eda708
[ 1904.042658][T29400]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1904.415346][T29401] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6452'.
[ 1905.031061][T27311] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1905.091079][T27311] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1905.142289][T27311] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1905.190876][T27311] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1905.260504][T27311] bridge_slave_1: left allmulticast mode
[ 1905.266120][T27311] bridge_slave_1: left promiscuous mode
[ 1905.271780][T27311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1905.279987][T27311] bridge_slave_0: left allmulticast mode
[ 1905.285597][T27311] bridge_slave_0: left promiscuous mode
[ 1905.291802][T27311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1905.375253][T27311] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1905.384835][T27311] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1905.394917][T27311] bond0 (unregistering): Released all slaves
[ 1905.583850][T27311] hsr_slave_0: left promiscuous mode
[ 1905.589416][T27311] hsr_slave_1: left promiscuous mode
[ 1905.594882][T27311] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1905.602295][T27311] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1905.610041][T27311] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1905.617403][T27311] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1905.626372][T27311] veth1_macvtap: left promiscuous mode
[ 1905.632612][T27311] veth0_macvtap: left promiscuous mode
[ 1905.638080][T27311] veth1_vlan: left promiscuous mode
[ 1905.643574][T27311] veth0_vlan: left promiscuous mode
[ 1906.262428][T27311] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1906.311955][T27311] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1906.363999][T27311] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1906.412145][T27311] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1906.470480][T27311] bridge_slave_1: left promiscuous mode
[ 1906.476137][T27311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1906.483808][T27311] bridge_slave_0: left promiscuous mode
[ 1906.489473][T27311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1906.497564][T27311] bridge_slave_1: left allmulticast mode
[ 1906.503639][T27311] bridge_slave_1: left promiscuous mode
[ 1906.509613][T27311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1906.517314][T27311] bridge_slave_0: left allmulticast mode
[ 1906.523022][T27311] bridge_slave_0: left promiscuous mode
[ 1906.528607][T27311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1906.793896][T27311] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1906.803143][T27311] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1906.812012][T27311] bond0 (unregistering): Released all slaves
[ 1906.912108][T27311] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1906.921709][T27311] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1906.931159][T27311] bond0 (unregistering): Released all slaves
[ 1906.968289][T27311] tipc: Disabling bearer <udp:syz2>
[ 1906.975850][T27311] tipc: Left network mode
[ 1907.212713][T27311] hsr_slave_0: left promiscuous mode
[ 1907.218247][T27311] hsr_slave_1: left promiscuous mode
[ 1907.224266][T27311] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1907.231684][T27311] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1907.240941][T27311] hsr_slave_0: left promiscuous mode
[ 1907.246441][T27311] hsr_slave_1: left promiscuous mode
[ 1907.251912][T27311] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1907.259338][T27311] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1907.266723][T27311] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1907.274235][T27311] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1907.283753][T27311] veth1_macvtap: left promiscuous mode
[ 1907.289238][T27311] veth0_macvtap: left promiscuous mode
[ 1907.294757][T27311] veth1_vlan: left promiscuous mode
[ 1907.300239][T27311] veth0_vlan: left promiscuous mode